RCE in Qnap Systems Inc. Qts

CVE-2024-14026

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitra…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.000 (3.9th percentile) — read the EPSS interpretation.

Affected products

Qnap Systems Inc. Qts — versions 5.1.x, 5.2.x
Qnap Systems Inc. Quts Hero — versions h5.1.x, h5.2.x

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

www.qnap.com/en/security-advisory/qsa-24-54