PT-2024-10312 · Qnap · Qts+1
Anh Nguyen Le Quoc
+5
·
Published
2024-12-06
·
Updated
2025-09-23
·
CVE-2024-50402
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
QTS versions prior to 5.1.9.2954 build 20241120
QTS versions prior to 5.2.2.2950 build 20241114
QuTS hero versions prior to h5.1.9.2954 build 20241120
QuTS hero versions prior to h5.2.2.2952 build 20241116
Description
The issue is related to insufficient processing of format strings in QNAP operating systems, including QuTS hero and QTS. This could allow a remote attacker to gain unauthorized access to protected information with root privileges. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.
Recommendations
For QTS versions prior to 5.1.9.2954 build 20241120, update to version 5.1.9.2954 build 20241120 or later.
For QTS versions prior to 5.2.2.2950 build 20241114, update to version 5.2.2.2950 build 20241114 or later.
For QuTS hero versions prior to h5.1.9.2954 build 20241120, update to version h5.1.9.2954 build 20241120 or later.
For QuTS hero versions prior to h5.2.2.2952 build 20241116, update to version h5.2.2.2952 build 20241116 or later.
Fix
Use of Externally-Controlled Format String
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Qts
Quts Hero