Description
A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud, is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later QuTS hero h5.2.0.2782 build 20240601 and later
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- QNAP Systems Inc. / QTS5.0.x – 5.0.x
- QNAP Systems Inc. / QTS4.5.x – 4.5.x
- QNAP Systems Inc. / QTS5.1.x – 5.2.0.2737 build 20240417
- QNAP Systems Inc. / QuTScloudc5.0.x – h5.2.0.2782 build 20240601
- QNAP Systems Inc. / QuTS heroh5.1.x – h5.2.0.2782 build 20240601
- QNAP Systems Inc. / QuTS heroh5.0.x – h5.0.x
- QNAP Systems Inc. / QuTS heroh4.5.x – h4.5.x