CVE-2024-38641 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2024-38641

Analyzed

More Info Official Page

Source-security@qnapsecurity.com.tw

Published At-06 Sep, 2024 | 17:15

Updated At-16 Sep, 2024 | 12:35

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.3	HIGH	CVSS:4.0/AV:P/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CPE Matches

QNAP Systems, Inc.

>>qts>>5.1.0.2348

cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2399

cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2418

cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2444

cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2466

cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.1.2491

cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.2.2533

cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.3.2578

cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.4.2596

cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.5.2645

cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.5.2679

cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.6.2722

cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.7.2770

cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2409

cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2424

cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2453

cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2466

cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.1.2488

cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.2.2534

cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.3.2578

cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.4.2596

cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.5.2647

cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.5.2680

cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.6.2734

cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.7.2770

cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.7.2788

cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.7.2794

cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-77	Primary	security@qnapsecurity.com.tw
CWE-78	Primary	security@qnapsecurity.com.tw

References

Hyperlink	Source	Resource
https://www.qnap.com/en/security-advisory/qsa-24-33	security@qnapsecurity.com.tw	Vendor Advisory