{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2024-049.pdf"
    },
    "title": "Multiple Vulnerabilities in QNAP Products",
    "serial_number": "2024-049",
    "publish_date": "22-05-2024 17:54:50",
    "description": "On May 21, 2024, QNAP released a security advisory addressing multiple flaws, including a zero-day vulnerability in the shared feature of QTS. These vulnerabilities could allow remote attackers to execute arbitrary code.<br>\nIt is strongly advised updating affected systems to the latest versions to mitigate these risks.<br>\n",
    "url_title": "2024-049",
    "content_markdown": "---\ntitle: 'Multiple Vulnerabilities in\u00a0QNAP\u00a0Products'\nnumber: '2024-049'\nversion: '1.0'\noriginal_date: 'May 21, 2024'\ndate: 'May 22, 2024'\n---\n\n_History:_\n\n* _22/05/2024 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn May 21, 2024, QNAP released a security advisory addressing multiple flaws, including a zero-day vulnerability in the shared feature of QTS [1,2,3]. These vulnerabilities could allow remote attackers to execute arbitrary code.\n\nIt is strongly advised updating affected systems to the latest versions to mitigate these risks.\n\n# Technical Details\n\nThe vulnerability **CVE-2024-27130**, with a CVSS score of 7.2, is due to improper input validation in the shared feature of QTS that could allow remote attackers to execute arbitrary code. An attacker can exploit the vulnerability through a specially crafted request that causes a buffer overflow, leading to remote code execution. Successful exploitation requires access to a specific parameter [1,2]. \n\n# Affected Products\n\n- QTS QTS 5.1.x (fixed version is QTS 5.1.7.2770 build 20240520 and later) [3];\n- QuTS hero h5.1.x (fixed version is QuTS hero h5.1.7.2770 build 20240520 and later) [3].\n\n# Recommendations\n\nIt is strongly recommended updating affected devices to a fixed version.\n\n# References\n\n[1] <https://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/>\n\n[2] <https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/>\n\n[3] <https://www.qnap.com/en/security-advisory/qsa-24-23>",
    "content_html": "<p><em>History:</em></p><ul><li><em>22/05/2024 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On May 21, 2024, QNAP released a security advisory addressing multiple flaws, including a zero-day vulnerability in the shared feature of QTS [1,2,3]. These vulnerabilities could allow remote attackers to execute arbitrary code.</p><p>It is strongly advised updating affected systems to the latest versions to mitigate these risks.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability <strong>CVE-2024-27130</strong>, with a CVSS score of 7.2, is due to improper input validation in the shared feature of QTS that could allow remote attackers to execute arbitrary code. An attacker can exploit the vulnerability through a specially crafted request that causes a buffer overflow, leading to remote code execution. Successful exploitation requires access to a specific parameter [1,2]. </p><h2 id=\"affected-products\">Affected Products</h2><ul><li>QTS QTS 5.1.x (fixed version is QTS 5.1.7.2770 build 20240520 and later) [3];</li><li>QuTS hero h5.1.x (fixed version is QuTS hero h5.1.7.2770 build 20240520 and later) [3].</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>It is strongly recommended updating affected devices to a fixed version.</p><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/\">https://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/</a></p><p>[2] <a rel=\"noopener\" target=\"_blank\" href=\"https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/\">https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/</a></p><p>[3] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.qnap.com/en/security-advisory/qsa-24-23\">https://www.qnap.com/en/security-advisory/qsa-24-23</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}