CVE-2024-21902

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

CVSS v3.0 8.1 HIGH

8.1^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-23	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
	cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110::::::
	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
	cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128::::::
	cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116::::::
	cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219::::::
	cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402::::::

Configuration 2 (hide)

OR	cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414::::::

History

11 Sep 2024, 13:37

Type	Values Removed	Values Added
CPE		cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:::::: cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:::::: cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:::::: cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:::::: cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:::::: cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:::::: cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:::::: cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:::::: cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:::::: cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:::::: cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:::::: cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:::::: cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:::::: cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:::::: cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:::::: cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:::::: cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:::::: cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:::::: cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
First Time		Qnap Qnap qts Qnap quts Hero
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 8.1
References	~~() https://www.qnap.com/en/security-advisory/qsa-24-23 -~~	() https://www.qnap.com/en/security-advisory/qsa-24-23 - Vendor Advisory

21 May 2024, 16:53

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-21 16:15

Updated : 2024-09-11 13:37

NVD link : CVE-2024-21902

Mitre link : CVE-2024-21902

JSON object : View

Products Affected

qnap

quts_hero
qts

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-732

Incorrect Permission Assignment for Critical Resource

8.1 /10