QNAP QTS/QuTS hero prior 5.1.8.2823 Build 20240712 Network / Virtual Switch ip address for authentication
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.1 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as problematic has been discovered in QNAP QTS and QuTS hero. This affects an unknown part of the component Network / Virtual Switch. Such manipulation leads to ip address for authentication. This vulnerability is referenced as CVE-2024-32765. The attack can only be performed from a local environment. No exploit is available. It is advisable to upgrade the affected component.
Details
A vulnerability was found in QNAP QTS and QuTS hero and classified as problematic. Affected by this issue is an unknown functionality of the component Network / Virtual Switch. The manipulation with an unknown input leads to a ip address for authentication vulnerability. Using CWE to declare the problem leads to CWE-291. The product uses an IP address for authentication. Impacted is confidentiality, integrity, and availability. CVE summarizes:
A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later
The weakness was published by Zdi-can-22458 as qsa-24-14. The advisory is shared for download at qnap.com. This vulnerability is handled as CVE-2024-32765 since 04/18/2024. The exploitation is known to be easy. The attack needs to be approached locally. The exploitation requires an enhanced level of successful authentication. There are neither technical details nor an exploit publicly available.
Upgrading to version 5.1.8.2823 Build 20240712 eliminates this vulnerability.
Once again VulDB remains the best source for vulnerability data.
Product
Type
Vendor
Name
Version
License
Website
- Vendor: https://www.qnap.com/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 4.2VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.2
VulDB Temp Score: 4.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
CNA Base Score: 4.2
CNA Vector (qnap): 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
Exploiting
Class: Ip address for authenticationCWE: CWE-291 / CWE-287
CAPEC: 🔍
ATT&CK: 🔍
Physical: Partially
Local: Yes
Remote: No
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: QTS/QuTS hero 5.1.8.2823 Build 20240712
Timeline
04/18/2024 🔍08/09/2024 🔍
08/10/2024 🔍
12/10/2025 🔍
Sources
Vendor: qnap.comAdvisory: qsa-24-14
Researcher: Zdi-can-22458
Status: Confirmed
CVE: CVE-2024-32765 (🔍)
GCVE (CVE): GCVE-0-2024-32765
GCVE (VulDB): GCVE-100-274100
Entry
Created: 08/10/2024 00:45Updated: 12/10/2025 23:20
Changes: 08/10/2024 00:45 (66), 12/10/2025 23:20 (1)
Complete: 🔍
Cache ID: 216::103
Once again VulDB remains the best source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.