CVE-2024-13086

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

A

n exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-25-03	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts::::::::
	cpe:2.3:o:qnap:quts_hero::::::::

History

30 Jan 2026, 18:54

Type	Values Removed	Values Added
First Time		Qnap quts Hero Qnap qts Qnap
References	~~() https://www.qnap.com/en/security-advisory/qsa-25-03 -~~	() https://www.qnap.com/en/security-advisory/qsa-25-03 - Vendor Advisory
CPE		cpe:2.3:o:qnap:qts:::::::: cpe:2.3:o:qnap:quts_hero::::::::

07 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-07 17:15

Updated : 2026-01-30 18:54

NVD link : CVE-2024-13086

Mitre link : CVE-2024-13086

CVE.ORG link : CVE-2024-13086

JSON object : View

Products Affected

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-13086", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-07T17:15:18.430", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-03", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial que afecta al producto. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos comprometer la seguridad del sistema. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: QTS 5.2.0.2851 build 20240808 y posteriores QuTS hero h5.2.0.2851 build 20240808 y posteriores"}], "lastModified": "2026-01-30T18:54:35.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D35E354-F154-4E4B-B92C-B167258C2EED", "versionEndExcluding": "5.2.0.2851", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A25A4BC-D282-4320-AFD6-111693CAF1C0", "versionEndExcluding": "h5.2.0.2851", "versionStartIncluding": "h5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}