PT-2025-10100 · Qnap · Qnap Qts+1

Leeya_Bug

Published

2025-03-07

Updated

2025-09-23

CVE-2024-38638

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.1.9.2954 build 20241120 QNAP QuTS hero h5.1.9 versions prior to 5.1.9.2954 build 20241120

Description An out-of-bounds write issue has been reported, potentially allowing remote attackers with administrator access to modify or corrupt memory.

Recommendations For QNAP QTS versions prior to 5.1.9.2954 build 20241120, update to QTS 5.1.9.2954 build 20241120 or later. For QNAP QuTS hero h5.1.9 versions prior to 5.1.9.2954 build 20241120, update to QuTS hero h5.1.9.2954 build 20241120 or later.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2024-38638

Affected Products

Qnap Qts

Quts Hero H5.1.9

PT-2025-10100 · Qnap · Qnap Qts+1

CVE-2024-38638

Weakness Enumeration

Related Identifiers

Affected Products

References · 7