CVE-2024-14026
EUVD-2024-5547511.03.2026, 08:16
A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| qnap | qts | 5.1.0.2348:build_20230325 |
| qnap | qts | 5.1.0.2399:build_20230515 |
| qnap | qts | 5.1.0.2418:build_20230603 |
| qnap | qts | 5.1.0.2444:build_20230629 |
| qnap | qts | 5.1.0.2466:build_20230721 |
| qnap | qts | 5.1.1.2491:build_20230815 |
| qnap | qts | 5.1.2.2533:build_20230926 |
| qnap | qts | 5.1.3.2578:build_20231110 |
| qnap | qts | 5.1.4.2596:build_20231128 |
| qnap | qts | 5.1.5.2645:build_20240116 |
| qnap | qts | 5.1.5.2679:build_20240219 |
| qnap | qts | 5.1.6.2722:build_20240402 |
| qnap | qts | 5.1.7.2770:build_20240520 |
| qnap | qts | 5.1.8.2823:build_20240712 |
| qnap | qts | 5.2.0.2737:build_20240417 |
| qnap | qts | 5.2.0.2744:build_20240424 |
| qnap | qts | 5.2.0.2782:build_20240601 |
| qnap | qts | 5.2.0.2802:build_20240620 |
| qnap | qts | 5.2.0.2823:build_20240711 |
| qnap | qts | 5.2.0.2851:build_20240808 |
| qnap | qts | 5.2.0.2860:build_20240817 |
| qnap | qts | 5.2.1.2930:build_20241025 |
| qnap | qts | 5.2.2.2950:build_20241114 |
𝑥
= Vulnerable software versions