CVE-2023-32974

A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.0.2444 build 20230629 and later
QuTS hero h5.1.0.2424 build 20230609 and later
QuTScloud c5.1.0.2498 and later
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
qnapqts
5.1.0 ≤
𝑥
< 5.1.0.2444
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
qnapqts
5.1.0 ≤
𝑥
< 5.1.0.244
ADP
qnapqutscloud
c5.0.0.1919 ≤
𝑥
< c5.1.0.2498
ADP
qnapquts_hero
h5.1.0 ≤
𝑥
< h5.1.0.2424
ADP
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-23-42
https://www.qnap.com/en/security-advisory/qsa-23-42