CVE-2024-37045

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-43	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424::::::
	cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817::::::

Configuration 2 (hide)

OR	cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817::::::

History

No history.

Information

Published : 2024-11-22 16:15

Updated : 2025-09-23 12:08

NVD link : CVE-2024-37045

Mitre link : CVE-2024-37045

CVE.ORG link : CVE-2024-37045

JSON object : View

Products Affected

qnap

qts
quts_hero

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2024-37045", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2024-11-22T16:15:23.513", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-43", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.2.1.2930 build 20241025 and later\nQuTS hero h5.2.1.2929 build 20241025 and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de desreferencia de puntero NULL que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos que hayan obtenido acceso de administrador lanzar un ataque de denegaci\u00f3n de servicio (DoS). Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.1.2930, compilaci\u00f3n 20241025 y posteriores QuTS hero h5.2.1.2929, compilaci\u00f3n 20241025 y posteriores"}], "lastModified": "2025-09-23T12:08:05.357", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4026A4B-7AB4-48EA-971D-88DFDD3F01A7"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1F3F99BB-0D68-4D74-92C8-59E24F96C50D"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DE63B4D-8E84-41D3-B1F3-04AE6040242B"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75746563-C648-4E55-9126-703F915F8B8A"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF6BA027-A635-4E90-80C8-130B10AB3D23"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5406F242-A215-4B07-809F-7A7CE55ACE71"}, {"criteria": "cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA17778E-B3B1-44DD-B4E9-5AD25A3E804C"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDCBB36A-CB91-4BA3-A6ED-952E6A4A0481"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "240BCFF1-CCCB-4C07-8E2C-7F43F68407FC"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3AF7276-77E0-474A-B10F-AC15BC5FCF00"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5FA8C3EC-B6C0-44A8-BC91-18E3E90C63AB"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "889336D2-D9F7-4CC0-A22F-B837B5E77751"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98F72EB9-0EE3-416A-B9BB-2512F5203A5A"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9110382F-57C2-4C2E-82D1-3246C882B2C3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}