vulnerability
QNAP QTS: CVE-2024-53691: Vulnerabilities in QTS and QuTS hero
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Sep 7, 2024 | Aug 4, 2025 | Oct 16, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Sep 7, 2024
Added
Aug 4, 2025
Modified
Oct 16, 2025
Description
Multiple vulnerabilities have been reported to affect certain QNAP operating system versions: CVE-2024-32771: If exploited, the improper restriction of excessive authentication attempts vulnerability could allow attackers to use bruce force attacks to gain privileged access. CVE-2023-39298: If exploited, the missing authorization vulnerability could allow local attackers who have gained user access to access data or perform actions without the proper privileges. CVE-2024-53691: If exploited, the link following vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerabilities in the following versions:
Solution
qnap-qts-upgrade-latest
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.