CVE-2024-53693

High

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system…

qnap·CWE-93·Published 2025-03-07

CVSS

7.1

EPSS

0.00

KEV

Exploits

cve.orgen

417 chars

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

NVDen

417 chars

NVDes

463 chars

Se ha informado de una vulnerabilidad de neutralización incorrecta de secuencias CRLF ('inyección CRLF') que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a atacantes remotos que hayan obtenido acceso de usuario modificar datos de la aplicación. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.3.3006 build 20250108 y posteriores QuTS hero h5.2.3.3006 build 20250108 y posteriores

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
3.1	Primary	cve.org	7.1	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
3.1	Secondary	NVD	7.1	2.8	4.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
4.0	Primary	cve.org	7.1	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4.0	Secondary	NVD	7.1	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X