Lucene search

[email protected]NVD:CVE-2024-21904

HistorySep 06, 2024 - 5:15 p.m.

CVE-2024-21904

2024-09-0617:15:14

CWE-22

[email protected]

web.nvd.nist.gov

cve-2024-21904

qnap

path traversal

vulnerability

qts

quts hero

sensitive data

network exposure

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

19.8%

JSON

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later

Affected configurations

Nvd

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578build_20231110

qnapqtsMatch5.1.4.2596build_20231128

qnapqtsMatch5.1.5.2645build_20240116

qnapqtsMatch5.1.5.2679build_20240219

qnapqtsMatch5.1.6.2722build_20240402

Node

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578build_20231110

qnapquts_heroMatchh5.1.4.2596build_20231128

qnapquts_heroMatchh5.1.5.2647build_20240118

qnapquts_heroMatchh5.1.5.2680build_20240220

qnapquts_heroMatchh5.1.6.2734build_20240414

VendorProductVersionCPE
qnapqts5.1.0.2348cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
qnapqts5.1.0.2399cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
qnapqts5.1.0.2418cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
qnapqts5.1.0.2444cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
qnapqts5.1.0.2466cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
qnapqts5.1.1.2491cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
qnapqts5.1.2.2533cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
qnapqts5.1.3.2578cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
qnapqts5.1.4.2596cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*
qnapqts5.1.5.2645cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qts	5.1.0.2348	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
qnap	qts	5.1.0.2399	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
qnap	qts	5.1.0.2418	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
qnap	qts	5.1.0.2444	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
qnap	qts	5.1.0.2466	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
qnap	qts	5.1.1.2491	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
qnap	qts	5.1.2.2533	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
qnap	qts	5.1.3.2578	cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110::::::
qnap	qts	5.1.4.2596	cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128::::::
qnap	qts	5.1.5.2645	cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116::::::

Rows per page:

1-10 of 231

References

www.qnap.com/en/security-advisory/qsa-24-23

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

19.8%

JSON

Related for NVD:CVE-2024-21904

cvelist1 cve1 vulnrichment1 openvas2