Description
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
Low
Affected products
- QNAP Systems Inc. / QTS5.1.x – 5.1.7.2770 build 20240520
- QNAP Systems Inc. / QuTS heroh5.1.x – h5.1.7.2770 build 20240520