CVE-2024-27128
Severity:
MEDIUM
Type:
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Publication date:
21/05/2024
Last modified:
21/05/2024
Description
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.<br />
<br />
We have already fixed the vulnerability in the following version:<br />
QTS 5.1.7.2770 build 20240520 and later<br />
QuTS hero h5.1.7.2770 build 20240520 and later
Impact
Base Score 3.x
6.40
Severity 3.x
MEDIUM