Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

Summary

QNAP security updates address 15 new vulnerabilities in various products.

Risk

Vulnerability Community Impact Estimation: High (66.41)

Type

Arbitrary Code Execution
Data Manipulation
Security Feature Bypass

Affected Products and Versions

QNAP

Helpdesk 3.3.x, versions prior to 3.3.3
QTS 5.2.x, versions prior to 5.2.3.3006 build 20250108
QuTS hero h5.2.x, versions prior to h5.2.3.3006 build 20250108
QuRouter 2.4.x, versions prior to 2.4.5.032

Mitigation Actions

In line with vendor statements, it is recommended to update the affected products following the indications reported in the security bulletins, available in the References section.

The following are only the CVEs for vulnerabilities with severity “critical” and “high”:

CVE
CVE-2024-50390
CVE-2024-50394
CVE-2024-53693

References

https://www.qnap.com/en/security-advisories

https://www.qnap.com/en/security-advisory/qsa-25-05

https://www.qnap.com/en/security-advisory/qsa-25-01

https://www.qnap.com/en/security-advisory/qsa-24-54

¹This estimate is made taking into account several parameters, including: CVSS, availability of patches/workarounds and PoC, diffusion of the affected software/devices in the reference community.

Home

Some companies that have chosen us

Professional qualifications

Vulnerability in QNAP Products (AL01/250310/CSIRT-ITA)

Recommended to you

HONG KONG SUPERVISORY AUTHORITY: Publishes Investigation Findingson the Data Breach Incident of the Companies...

ROMANIAN SUPERVISORY AUTHORITY: Sanction for violation of the GDPR

LATVIAN SUPERVISORY AUTHORITY: Can my personal data be transferred to extrajudicial debt collection or...

CROATIAN SUPERVISORY AUTHORITY: A new coordinated action by the EDPB has begun: the right...

CISCO Product Updates (AL01/230112/CSIRT-ITA)

HONG KONG SUPERVISORY AUTHORITY: A Female Arrested for Suspected Doxxing Arising from Online Shopping Dispute