Input validation

2024-02-0216:15:00

PRIOn knowledge base

www.prio-n.com

buffer copy vulnerability

qnap os

code execution

authenticated admins

qts

quts hero

qutscloud

security patch.

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.1%

JSON

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.3.2578 build 20231110 and later
QuTS hero h5.1.3.2578 build 20231110 and later
QuTScloud c5.1.5.2651 and later

CPENameOperatorVersion
qtseq5.1.0.2348 build-20230325
qtseq5.1.0.2418 build-20230603
qtseq5.1.0.2399 build-20230515
qtseq5.1.0.2466 build-20230721
qtseq5.1.1.2491 build-20230815
qtseq5.1.0.2444 build-20230629
qtseq5.1.2.2533 build-20230926
qtseq5.1.3.2578
quts_heroeqh5.1.0.2409 build-20230525
quts_heroeqh5.1.1.2488 build-20230812

Name	Operator	Version
qts	eq	5.1.0.2348 build-20230325
qts	eq	5.1.0.2418 build-20230603
qts	eq	5.1.0.2399 build-20230515
qts	eq	5.1.0.2466 build-20230721
qts	eq	5.1.1.2491 build-20230815
qts	eq	5.1.0.2444 build-20230629
qts	eq	5.1.2.2533 build-20230926
qts	eq	5.1.3.2578
quts_hero	eq	h5.1.0.2409 build-20230525
quts_hero	eq	h5.1.1.2488 build-20230812