QNAP QTS: CVE-2024-50405: Multiple Vulnerabilities in QTS and QuTS hero

Multiple vulnerabilities have been reported to affect certain QNAP operating system versions: CVE-2024-50405: If exploited, the improper neutralization of CRLF sequences ('CRLF Injection') vulnerability could allow remote attackers who have gained administrator access to modify application data. CVE-2024-53692: If exploited, the command injection vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. CVE-2024-53693: If exploited, the improper neutralization of CRLF sequences ('CRLF Injection') vulnerability could allow remote attackers who have gained user access to modify application data. CVE-2024-53697, CVE-2024-53699: If exploited, the out-of-bounds write vulnerabilities could allow remote attackers who have gained administrator access to modify or corrupt memory. CVE-2024-53698: If exploited, the double free vulnerability could allow remote attackers who have gained administrator access to modify memory. CVE-2024-14026: If an attacker gains local network access and has also gained a user account, they can then exploit the command injection vulnerability to execute arbitrary commands. We have already fixed the vulnerabilities in the following versions: