CVE-2024-38641

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

CVSS v3.0 7.8 HIGH

7.8^/10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-33	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
	cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110::::::
	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
	cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128::::::
	cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116::::::
	cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219::::::
	cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402::::::
	cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520::::::

Configuration 2 (hide)

OR	cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607::::::
	cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613::::::

History

16 Sep 2024, 12:35

Type	Values Removed	Values Added
References	~~() https://www.qnap.com/en/security-advisory/qsa-24-33 -~~	() https://www.qnap.com/en/security-advisory/qsa-24-33 - Vendor Advisory
First Time		Qnap Qnap qts Qnap quts Hero
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:::::: cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:::::: cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:::::: cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:::::: cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:::::: cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:::::: cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:::::: cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:::::: cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:::::: cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:::::: cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:::::: cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:::::: cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:::::: cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:::::: cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:::::: cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:::::: cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:::::: cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:::::: cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:::::: cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:::::: cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:::::: cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:::::: cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:::::: cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::

06 Sep 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-06 17:15

Updated : 2024-09-16 12:35

NVD link : CVE-2024-38641

Mitre link : CVE-2024-38641

JSON object : View

Products Affected

qnap

quts_hero
qts

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

7.8 /10