A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QTS 5.2.0.2802 build 20240620 and later
QuTS hero h5.1.8.2823 build 20240712 and later
QuTS hero h5.2.0.2802 build 20240620 and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-28 |
History
Fri, 06 Dec 2024 21:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap qts Qnap quts Hero |
|
CPEs | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Qnap
Qnap qts Qnap quts Hero |
|
Metrics |
ssvc
|
Fri, 06 Dec 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later | |
Title | QTS, QuTS hero | |
Weaknesses | CWE-59 | |
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: qnap
Published: 2024-12-06T16:34:54.018Z
Updated: 2024-12-06T20:21:02.439Z
Reserved: 2024-11-22T06:21:49.206Z
Link: CVE-2024-53691
Vulnrichment
Updated: 2024-12-06T20:20:54.988Z
NVD
Status : Received
Published: 2024-12-06T17:15:10.520
Modified: 2024-12-06T17:15:10.520
Link: CVE-2024-53691
Redhat
No data.