CVE-2024-56805

CVSS v3 5.4 MEDIUM

5.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify memory or crash processes. We have already fixed the vulnerability in the following versions: QTS 5.2.4.3079 build 20250321 and later QuTS hero h5.2.4.3079 build 20250321 and later

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-25-12	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424::::::
	cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817::::::
	cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025::::::
	cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114::::::
	cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108::::::
	cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312::::::

Configuration 2 (hide)

OR	cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312::::::

History

23 Sep 2025, 14:25

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.4
References	~~() https://www.qnap.com/en/security-advisory/qsa-25-12 -~~	() https://www.qnap.com/en/security-advisory/qsa-25-12 - Vendor Advisory
First Time		Qnap Qnap qts Qnap quts Hero
CPE		cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:::::: cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:::::: cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:::::: cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:::::: cpe:2.3:o:qnap:qts:5.2.3.3006:build_20250108:::::: cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:::::: cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:::::: cpe:2.3:o:qnap:quts_hero:h5.2.3.3006:build_20250108:::::: cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:::::: cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:::::: cpe:2.3:o:qnap:quts_hero:h5.2.4.3070:build_20250312:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:::::: cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:::::: cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:::::: cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:::::: cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:qts:5.2.4.3070:build_20250312:::::: cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114::::::

09 Jun 2025, 12:15

Type	Values Removed	Values Added
Summary		(es) Se ha reportado una vulnerabilidad de desbordamiento de búfer que afecta a varias versiones del sistema operativo QNAP. Si se explota, esta vulnerabilidad podría permitir a atacantes remotos con acceso de usuario modificar la memoria o bloquear procesos. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.4.3079, compilación 20250321 y posteriores; QuTS hero h5.2.4.3079, compilación 20250321 y posteriores.

06 Jun 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-06 16:15

Updated : 2025-09-23 14:25

NVD link : CVE-2024-56805

Mitre link : CVE-2024-56805

CVE.ORG link : CVE-2024-56805

JSON object : View

Products Affected

qnap

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-122

Heap-based Buffer Overflow

5.4 /10