Multiple vulnerabilities have been reported to affect certain QNAP operating system versions. QNAP provide network storage devices commonly used in backup solutions.
This issue has been classified as high-risk, with ratings on the CVSSv3 scale of up to 7.3. Due to the nature of this vulnerability, it’s crucial to take immediate action to ensure your systems remain secure.
Some examples patched in this update include:
| Affected Product | Fixed Version |
|---|---|
| QTS 5.2.x | QTS 5.2.3.3006 build 20250108 and later |
| QuTS hero h5.2.x | QuTS hero h5.2.3.3006 build 20250108 and later |
CVE-2024-50405: If exploited, the improper neutralisation of CRLF sequences ('CRLF Injection') vulnerability could allow remote attackers who have gained administrator access to modify application data.
CVE-2024-53692: If exploited, the command injection vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
To secure your device, we recommend updating your system to the latest version to benefit from vulnerability fixes.