A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later
The product dereferences a pointer that it expects to be valid but is NULL.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Qts | Qnap | 5.2.0.2737-build_20240417 (including) | 5.2.0.2737-build_20240417 (including) |
| Qts | Qnap | 5.2.0.2744-build_20240424 (including) | 5.2.0.2744-build_20240424 (including) |
| Qts | Qnap | 5.2.0.2782-build_20240601 (including) | 5.2.0.2782-build_20240601 (including) |
| Qts | Qnap | 5.2.0.2802-build_20240620 (including) | 5.2.0.2802-build_20240620 (including) |
| Qts | Qnap | 5.2.0.2823-build_20240711 (including) | 5.2.0.2823-build_20240711 (including) |
| Qts | Qnap | 5.2.0.2851-build_20240808 (including) | 5.2.0.2851-build_20240808 (including) |
| Qts | Qnap | 5.2.0.2860-build_20240817 (including) | 5.2.0.2860-build_20240817 (including) |