Lucene search
QnapCVELIST:CVE-2024-38641HistorySep 06, 2024 - 4:27 p.m.
CVE-2024-38641 QTS, QuTS hero
2024-09-0616:27:46
CWE-77
CWE-78
qnap
www.cve.org
1
cve-2024-38641
qnap
os command injection
vulnerability
local network users
unspecified vectors
qts
quts hero
CVSS4
7.3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
EPSS
0
Percentile
10.2%
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "QTS",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "5.1.8.2823 build 20240712",
"status": "affected",
"version": "5.1.x",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "QuTS hero",
"vendor": "QNAP Systems Inc.",
"versions": [
{
"lessThan": "h5.1.8.2823 build 20240712",
"status": "affected",
"version": "h5.1.x",
"versionType": "custom"
}
]
}
]Related
vulnrichment
vulnrichment
CVE-2024-38641 QTS, QuTS hero
2024-09-06 16:27:46
nvd
nvd
CVE-2024-38641
2024-09-06 17:15:16
cve
cve
CVE-2024-38641
2024-09-06 17:15:16
openvas
openvas
QNAP QuTS hero Multiple Vulnerabilities (QSA-24-33)
2024-09-10 00:00:00
QNAP QTS Multiple Vulnerabilities (QSA-24-33)
2024-09-10 00:00:00
CVSS4
7.3
Attack Vector
PHYSICAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
ACTIVE
CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:A/VC:H/SC:H/VI:H/SI:H/VA:H/SA:H
EPSS
0
Percentile
10.2%
Related for CVELIST:CVE-2024-38641