We have already fixed the vulnerability in the following versions:
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.2.3.3006 build 20250108 and later
Metrics
Affected Vendors & Products
Solution
We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-54 |
![]() ![]() |
Mon, 22 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap qts Qnap quts Hero |
|
CPEs | cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:* cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:* |
|
Vendors & Products |
Qnap
Qnap qts Qnap quts Hero |
Fri, 07 Mar 2025 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
Fri, 07 Mar 2025 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later | |
Title | QTS, QuTS hero | |
Weaknesses | CWE-400 CWE-93 CWE-94 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2025-03-07T17:08:09.353Z
Reserved: 2024-11-22T06:21:49.206Z
Link: CVE-2024-53693

Updated: 2025-03-07T17:07:51.676Z

Status : Analyzed
Published: 2025-03-07T17:15:19.910
Modified: 2025-09-20T03:28:14.740
Link: CVE-2024-53693

No data.

No data.