Severity
High
Analysis Summary
CVE-2023-32974 CVSS:7.5
QNAP QTS, QuTS hero, and QuTScloud could allow a remote attacker to traverse directories on the system, caused by improper validation of user request. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
CVE-2023-32973 CVSS:3.8
QNAP QTS, QuTS hero, and QuTScloud are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-32970 CVSS:4.9
QNAP QTS, QuTS hero, and QuTScloud are vulnerable to a denial of service, caused by a NULL pointer dereference flaw. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition.
Impact
- Denial of Service
- Information Theft
- Buffer Overflow
Indicators Of Compromise
CVE
- CVE-2023-32974
- CVE-2023-32973
- CVE-2023-32970
Affected Vendors
QNAP
Affected Products
- QNAP QuTS hero h5.1.0
- QNAP QTS 5.1.0
- QNAP QuTScloud c5.0
- QNAP QTS 4.5.0
- QNAP QTS 5.0.0
- QNAP QuTS Hero h5.0.0
- QNAP QuTS Hero h4.50
Remediation
Refer to QNAP Security Advisory for patch, upgrade or suggested workaround information.