CVE-2018-14747: Null Pointer Dereference
First published: Wed Nov 28 2018(Updated: )
NULL Pointer Dereference vulnerability in QTS 4.3.5 build 20181013, QTS 4.3.4 build 20181008, QTS 4.3.3 build 20180829, QTS 4.2.6 build 20180829 and earlier versions could allow remote attackers to crash the NAS media server.
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QNAP QTS | =4.2.6 | |
| QNAP QTS | =4.3.3 | |
| QNAP QTS | =4.3.4 | |
| QNAP QTS | =4.3.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-14747?
CVE-2018-14747 is considered a medium severity vulnerability due to the potential for remote attackers to crash the NAS media server.
How do I fix CVE-2018-14747?
To fix CVE-2018-14747, update QTS to the latest version as recommended by QNAP's security advisory.
Which versions of QTS are affected by CVE-2018-14747?
CVE-2018-14747 affects QTS versions 4.2.6, 4.3.3, 4.3.4, and 4.3.5.
What type of vulnerability is CVE-2018-14747?
CVE-2018-14747 is classified as a NULL Pointer Dereference vulnerability.
What impact does CVE-2018-14747 have on the system?
CVE-2018-14747 can allow remote attackers to crash the NAS media server, leading to denial of service.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/qnap
- canonical/qnap qts
- version/qnap qts/4.2.6
- version/qnap qts/4.3.3
- version/qnap qts/4.3.4
- version/qnap qts/4.3.5