Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2024-27128

Published: 21/05/2024 Updated: 21/05/2024

Vulnerability Summary

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Recent Articles

QNAP QTS zero-day in Share feature gets public RCE exploit
BleepingComputer • Bill Toulas • 20 May 2024

QNAP QTS zero-day in Share feature gets public RCE exploit By Bill Toulas May 20, 2024 10:57 AM 0 An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. Among them is CVE-2024-27130, an unpatched stack buffer overflow vulnerability in the 'No_Support_ACL' function of 'share.cgi,' which could enable an attacker to perform remote code execution when specific pr...

Read more...

References

CWE-120CWE-121https://www.qnap.com/en/security-advisory/qsa-24-23https://nvd.nist.govhttps://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalationCVE-2024-20696CVE-2024-29829CVE-2024-33999CVE-2024-35646physicalCVE-2024-24919CVE-2024-31030local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook