A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions: QTS 5.1.2.2533 build 20230926 and later QuTS hero h5.1.2.2534 build 20230927 and later QuTScloud c5.1.5.2651 and later
Weakness
The product dereferences a pointer that it expects to be valid but is NULL.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qts | Qnap | 5.1.0.2348-build_20230325 (including) | 5.1.0.2348-build_20230325 (including) |
| Qts | Qnap | 5.1.0.2399-build_20230515 (including) | 5.1.0.2399-build_20230515 (including) |
| Qts | Qnap | 5.1.0.2418-build_20230603 (including) | 5.1.0.2418-build_20230603 (including) |
| Qts | Qnap | 5.1.0.2444-build_20230629 (including) | 5.1.0.2444-build_20230629 (including) |
| Qts | Qnap | 5.1.0.2466-build_20230721 (including) | 5.1.0.2466-build_20230721 (including) |
| Qts | Qnap | 5.1.1.2491-build_20230815 (including) | 5.1.1.2491-build_20230815 (including) |
| Qts | Qnap | 5.1.2.2533 (including) | 5.1.2.2533 (including) |
| Quts_hero | Qnap | h5.1.0.2409-build_20230525 (including) | h5.1.0.2409-build_20230525 (including) |
| Quts_hero | Qnap | h5.1.0.2424-build_20230609 (including) | h5.1.0.2424-build_20230609 (including) |
| Quts_hero | Qnap | h5.1.0.2453-build_20230708 (including) | h5.1.0.2453-build_20230708 (including) |
| Quts_hero | Qnap | h5.1.0.2466-build_20230721 (including) | h5.1.0.2466-build_20230721 (including) |
| Quts_hero | Qnap | h5.1.1.2488-build_20230812 (including) | h5.1.1.2488-build_20230812 (including) |
| Quts_hero | Qnap | h5.1.2.2534 (including) | h5.1.2.2534 (including) |
| Qutscloud | Qnap | c5.1.0.2498-build_20230822 (including) | c5.1.0.2498-build_20230822 (including) |