Multiple QNAP Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-53700 CVSS:5.1

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.

CVE-2024-53699 CVSS:2.1

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.

CVE-2024-53698 CVSS:2.1

A double free vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify memory.

CVE-2024-53697 CVSS:2.1

CVE-2024-53696 CVSS:5.1

A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data.

CVE-2024-53695 CVSS:6.3

A buffer overflow vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to modify memory or crash processes.

CVE-2024-53694 CVSS:8.6

A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources.

Impact