Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2024-21899

Published: 08/03/2024 Updated: 13/03/2024
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Qts

Vulnerability Summary

An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qnap qts 5.1.3.2578

qnap quts hero h5.1.3.2578

qnap qts 4.5.4.2627

qnap quts hero h4.5.4.2626

qnap qts

qnap qutscloud

qnap quts hero

Github Repositories

https://github.com/JohnHormond/CVE-2024-21899-RCE-exploit

Critical CVE-2024-21899 Vulnerability in QNAP Products

CVE-2024-21899-RCE Critical RCE CVE-2024-21899 Vulnerability in QNAP Products Date of published 2024/03/12 🔥 CVSS: 98/10 Description QNAP recently addressed three vulnerabilities affecting their QTS, QuTS hero, QuTScloud, and myQNAPcloud products One of these vulnerabilities is of critical severity, marking a concerning development in the vulnerability landscape These vu

https://github.com/JohnHormond/CVE-2024-21899

Critical CVE-2024-21899 Vulnerability in QNAP Products

CVE-2024-21899 Critical CVE-2024-21899 Vulnerability in QNAP Products

https://github.com/Oxdestiny/CVE-2024-21899-RCE-POC

Critical RCE CVE-2024-21899 Vulnerability in QNAP Products

CVE-2024-21899-RCE Critical RCE CVE-2024-21899 Vulnerability in QNAP Products Date of published 27/03/2024 🔥 CVSS: 98/10 Description QNAP recently addressed three vulnerabilities affecting their QTS, QuTS hero, QuTScloud, and myQNAPcloud products One of these vulnerabilities is of critical severity, marking a concerning development in the vulnerability landscape These vu

Recent Articles

QNAP warns of critical auth bypass flaw in its NAS devices
BleepingComputer • Bill Toulas • 08 Mar 2024

QNAP warns of critical auth bypass flaw in its NAS devices By Bill Toulas March 8, 2024 03:03 PM 0 QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection. While the last two require the attackers to be authenticated...

Read more...

References

CWE-287https://www.qnap.com/en/security-advisory/qsa-24-09https://nvd.nist.govhttps://github.com/JohnHormond/CVE-2024-21899-RCE-exploithttps://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionSSRFbuffer overflowCVE-2023-28952CVE-2023-41822CVE-2024-27956CVE-2023-7028CVE-2024-34447CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook