CVE-2024-53691

High

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could…

qnap·CWE-59·Published 2024-12-06

CVSS

8.8

EPSS

0.20

KEV

Exploits

cve.orgen

482 chars

A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later

NVDen

482 chars

NVDes

575 chars

Se ha informado de una vulnerabilidad de seguimiento de enlaces que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a atacantes remotos que hayan obtenido acceso de usuario atravesar el sistema de archivos hasta ubicaciones no deseadas. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.1.8.2823, compilación 20240712 y posteriores QTS 5.2.0.2802, compilación 20240620 y posteriores QuTS hero h5.1.8.2823, compilación 20240712 y posteriores QuTS hero h5.2.0.2802, compilación 20240620 y posteriores

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0	Primary	cve.org	8.7	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4.0	Secondary	NVD	8.7	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X