CVE-2024-32765

CVSS v3 4.2 MEDIUM

4.2^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 3.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

A

vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-14	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts::::::::
	cpe:2.3:o:qnap:quts_hero::::::::

History

10 Dec 2025, 22:02

Type	Values Removed	Values Added
CPE		cpe:2.3:o:qnap:quts_hero:::::::: cpe:2.3:o:qnap:qts::::::::
References	~~() https://www.qnap.com/en/security-advisory/qsa-24-14 -~~	() https://www.qnap.com/en/security-advisory/qsa-24-14 - Vendor Advisory
First Time		Qnap quts Hero Qnap Qnap qts

12 Aug 2024, 13:41

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-08-12 13:38

Updated : 2025-12-10 22:02

NVD link : CVE-2024-32765

Mitre link : CVE-2024-32765

CVE.ORG link : CVE-2024-32765

JSON object : View

Products Affected

CWE

CWE-291

Reliance on IP Address for Authentication

CWE-306

Missing Authentication for Critical Function

{"id": "CVE-2024-32765", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 0.8}]}, "published": "2024-08-12T13:38:20.823", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-14", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-291"}, {"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been reported to affect Network & Virtual Switch. If exploited, the vulnerability could allow local authenticated administrators to gain access to and execute certain functions via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.1.8.2823 build 20240712 and later\nQuTS hero h5.1.8.2823 build 20240712 and later"}, {"lang": "es", "value": "Se ha informado que una vulnerabilidad afecta la red y el conmutador virtual. Si se explota, la vulnerabilidad podr\u00eda permitir a los administradores locales autenticados obtener acceso y ejecutar ciertas funciones a trav\u00e9s de vectores no especificados. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: QTS 5.1.8.2823 build 20240712 y posteriores QuTS hero h5.1.8.2823 build 20240712 y posteriores"}], "lastModified": "2025-12-10T22:02:55.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B27FBF31-D0FB-40E8-8188-8EE9892AE968", "versionEndExcluding": "5.1.8.2823", "versionStartIncluding": "5.1.0"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C925B746-4DB2-47A4-BA5D-40ED9A1F6951", "versionEndExcluding": "h5.1.8.2823", "versionStartIncluding": "h5.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}