A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.1.2930 build 20241025 and later
QuTS hero h5.2.1.2929 build 20241025 and later
References
| Link | Resource |
|---|---|
| https://www.qnap.com/en/security-advisory/qsa-24-43 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
23 Sep 2025, 13:44
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.9 |
| First Time |
Qnap
Qnap quts Hero Qnap qts |
|
| CPE | cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:* |
|
| References | () https://www.qnap.com/en/security-advisory/qsa-24-43 - Vendor Advisory |
Information
Published : 2024-11-22 16:15
Updated : 2025-09-23 13:44
NVD link : CVE-2024-37048
Mitre link : CVE-2024-37048
CVE.ORG link : CVE-2024-37048
JSON object : View
Products Affected
qnap
- qts
- quts_hero
CWE
CWE-476
NULL Pointer Dereference