Proof-of-Concept Exploit Released for CVE-2024-53691 in QNAP QTS and QuTS NAS

Security researchers claim CVE-2024-53691 could lead to RCE

Threat ID:: CC-4608
Threat Severity:: Medium
Published:: 17 January 2025 4:05 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Security researchers claim CVE-2024-53691 could lead to RCE

Affected platforms

The following platforms are known to be affected:

Versions: QTS 5.1.x

QNAP QTS

Versions: QuTS hero h5.1.x

QNAP QuTS Hero

Threat details

Affected version has reached End-of-Life (EOL)

QNAP has stated QTS and QUTS hero version 5.1.x are considered End-of-life (EOL) and are no longer supported. Please refer to QNAP's Operating System Lifecycle Overview for EOL dates.

Introduction

QNAP has released a security advisory addressing three vulnerabilities in the QTS and QuTS products. QTS and QuTS are the operating system for QNAP Network-attached storage (NAS) appliances.

CVE-2023-39298 is a 'Missing authorisation' vulnerability with a CVSSv3 score of 7.8. If exploited, a local attacker with low privileges could access data or perform actions without proper privileges
CVE-2024-53691 is a 'Link following' vulnerability with a CVSSv4 score of 8.7. If exploited, a remote attacker with low privileges could perform path traversal.

The advisory also addresses one further low severity vulnerability.

Proof-of-concept exploit for CVE-2024-53691

Security researchers have released a public proof-of-concept (PoC) exploit for vulnerability CVE-2024-53691, that QNAP states could lead to path traversal. Security researchers claim that the PoC exploit could be used to overwrite critical files and execute remote code (RCE). NHS England National CSOC assesses exploitation as more likely.

Remediation advice

Affected organisations are encouraged to review QNAP's Security Advisory QSA-24-28 and apply any updates as soon as practicable.

Definitive source of threat updates

https://www.qnap.com/en/security-advisory/qsa-24-28

CVE Vulnerabilities

Status Published

CVE-2024-53691

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later

Status Published

CVE-2023-39298

A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors. QuTScloud, is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2737 build 20240417 and later QuTS hero h5.2.0.2782 build 20240601 and later

Status Published

CVE-2024-32771

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Last edited: 17 January 2025 4:05 pm