

Severity
Medium
Analysis Summary
CVE-2024-53700 CVSS:5.1
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
CVE-2024-53699 CVSS:2.1
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
CVE-2024-53698 CVSS:2.1
A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.
CVE-2024-53697 CVSS:2.1
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
CVE-2024-53696 CVSS:5.1
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.
CVE-2024-53695 CVSS:6.3
A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.
CVE-2024-53694 CVSS:8.6
A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources.
Impact
- Gain Access
- Buffer Overflow
Indicators of Compromise
CVE
CVE-2024-53700
CVE-2024-53699
CVE-2024-53698
CVE-2024-53697
CVE-2024-53696
CVE-2024-53695
CVE-2024-53694
Affected Vendors
- QNAP
Affected Products
- QNAP QuRouter 2.4.x
- QNAP QTS 5.2.x
- QNAP QuTS hero h5.2.x
- QNAP QuLog Center 1.7.x
- QNAP QuLog Center 1.8.x
- QNAP QTS 4.5.x
- QNAP QuTS hero h4.5.x
- QNAP HBS 3 Hybrid Backup Sync 25.1.x
- QNAP QVPN Device Client for Mac 2.2.x
- QNAP Qsync Client for Mac 5.1.x
- QNAP Qfinder Pro for Mac 7.11.x
Remediation
Refer to QNAP Security Advisory for patch, upgrade, or suggested workaround information.