PT-2025-10106 · Qnap · Qnap Qts+1

Izutzienbinhnt

Published

2025-03-07

Updated

2025-03-08

CVE-2024-53693

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.2.3.3006 build 20250108 QNAP QuTS hero versions prior to h5.2.3.3006 build 20250108

Description An improper neutralization of CRLF sequences, also known as 'CRLF Injection', has been reported. This issue could allow remote attackers with user access to modify application data.

Recommendations For QNAP QTS versions prior to 5.2.3.3006 build 20250108, update to QTS 5.2.3.3006 build 20250108 or later. For QNAP QuTS hero versions prior to h5.2.3.3006 build 20250108, update to QuTS hero h5.2.3.3006 build 20250108 or later.

Fix

Resource Exhaustion

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-94CWE-93

Related Identifiers

CVE-2024-53693

Affected Products

Qnap Qts

Qnap Quts Hero

PT-2025-10106 · Qnap · Qnap Qts+1

CVE-2024-53693

Weakness Enumeration

Related Identifiers

Affected Products

References · 6