CVE-2024-50402

06.12.2024, 17:15

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory.

We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
qnap	CNA	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 38%

Vendor	Product	Version
qnap	qts	5.1.0.2348:build_20230325
qnap	qts	5.1.0.2399:build_20230515
qnap	qts	5.1.0.2418:build_20230603
qnap	qts	5.1.0.2444:build_20230629
qnap	qts	5.1.0.2466:build_20230721
qnap	qts	5.1.1.2491:build_20230815
qnap	qts	5.1.2.2533:build_20230926
qnap	qts	5.1.3.2578:build_20231110
qnap	qts	5.1.4.2596:build_20231128
qnap	qts	5.1.5.2645:build_20240116
qnap	qts	5.1.5.2679:build_20240219
qnap	qts	5.1.6.2722:build_20240402
qnap	qts	5.1.7.2770:build_20240520
qnap	qts	5.1.8.2823:build_20240712
qnap	qts	5.2.0.2737:build_20240417
qnap	qts	5.2.0.2744:build_20240424
qnap	qts	5.2.0.2782:build_20240601
qnap	qts	5.2.0.2802:build_20240620
qnap	qts	5.2.0.2823:build_20240711
qnap	qts	5.2.0.2851:build_20240808
qnap	qts	5.2.0.2860:build_20240817
qnap	qts	5.2.1.2930:build_20241025

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-134 - Use of Externally-Controlled Format String
The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

https://www.qnap.com/en/security-advisory/qsa-24-49