CVE-2024-21899

🗓️ 08 Mar 2024 16:17:25Reported by qnapType

cve🔗 web.nvd.nist.gov📰️ 2 Media mentions👁 144 Views

CVE-2024-21899: Improper authentication vulnerability in QNAP O

Reporter	Title	Published	Views	Family All 16
BDU FSTEC	The vulnerability of the QTS, QuTS Hero, QuTScloud, and myQNAPcloud operating systems lies in the lack of authentication procedures, which allow attackers to gain full access to devices controlled by the vulnerable operating system.	11 Mar 202400:00	–	bdu_fstec
Circl	CVE-2024-21899	8 Mar 202418:26	–	circl
CNNVD	QNAP Systems Multiple Product Licensing Issues Vulnerabilities	8 Mar 202400:00	–	cnnvd
Cvelist	CVE-2024-21899 QTS, QuTS hero, QuTScloud	8 Mar 202416:17	–	cvelist
NVD	CVE-2024-21899	8 Mar 202417:15	–	nvd
OpenVAS	QNAP QTS Multiple Vulnerabilities (QSA-24-09)	12 Mar 202400:00	–	openvas
OpenVAS	QNAP QuTS hero Multiple Vulnerabilities (QSA-24-09)	11 Mar 202400:00	–	openvas
OpenVAS	QNAP QuTScloud Multiple Vulnerabilities (QSA-24-09)	12 Mar 202400:00	–	openvas
OSV	CVE-2024-21899	8 Mar 202417:15	–	osv
Prion	Authentication flaw	8 Mar 202417:15	–	prion

NVD

Node

qnap qtsRange<4.5.4.2627

qnap qtsRange5.1.0–5.1.3.2578

qnap qtsMatch4.5.4.2627-

qnap qtsMatch5.1.3.2578-

qnap quts_heroRange<h4.5.4.2626

qnap quts_heroRangeh5.1.0–h5.1.3.2578

qnap quts_heroMatchh4.5.4.2626-

qnap quts_heroMatchh5.1.3.2578-

qnap qutscloudRange<c5.1.5.2651

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.4.2627 build 20231225",
        "status": "affected",
        "version": "4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.3.2578 build 20231110",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "h4.5.4.2626 build 20231225",
        "status": "affected",
        "version": "h4.5.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-24-09

17 Jun 2026 07:10Current

9.4High risk

Vulners AI Score9.4

CVSS 3.19.8

EPSS0.24365

SSVC