vulnerability
QNAP QTS: CVE-2024-53691: Vulnerabilities in QTS and QuTS hero
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Sep 7, 2024 | Aug 4, 2025 | Mar 25, 2026 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Sep 7, 2024
Added
Aug 4, 2025
Modified
Mar 25, 2026
Description
Multiple vulnerabilities have been reported to affect certain QNAP operating system versions: CVE-2024-32771: If exploited, the improper restriction of excessive authentication attempts vulnerability could allow attackers to use bruce force attacks to gain privileged access. CVE-2023-39298: If exploited, the missing authorization vulnerability could allow local attackers who have gained user access to access data or perform actions without the proper privileges. CVE-2024-53691: If exploited, the link following vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerabilities in the following versions:
Solution
qnap-qts-upgrade-latest
References
- CWE-59
- CVE-2024-53691
- https://attackerkb.com/topics/CVE-2024-53691
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53691
- https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2024-53691
- https://www.qnap.com/en-uk/security-advisory/QSA-24-28
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2024-52034
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.