What is the severity of CVE-2024-21902?

The severity of CVE-2024-21902 is assessed as critical due to its potential to allow authenticated users to read or modify critical resources.

How do I fix CVE-2024-21902?

To fix CVE-2024-21902, users should update their QNAP operating system to the latest patched version as detailed in the security advisory.

Which QNAP OS versions are affected by CVE-2024-21902?

CVE-2024-21902 affects several QNAP QTS and QuTS hero operating system versions, specifically those listed in the advisory.

Can CVE-2024-21902 be exploited remotely?

CVE-2024-21902 requires authentication, so exploitation must occur through an authenticated user on the network.

What impact does CVE-2024-21902 have on QNAP systems?

The impact of CVE-2024-21902 may include unauthorized access to critical resources, leading to data exposure or alteration.

Vulnerability/
CVE-2024-21902

high

8.1

CWE

732 200

21/5/2024

11/9/2024

CVE-2024-21902: QTS, QuTS hero

First published: Tue May 21 2024(Updated: )

An incorrect permission assignment for critical resource vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=5.1.0.2348-build_20230325
QNAP QTS	=5.1.0.2399-build_20230515
QNAP QTS	=5.1.0.2418-build_20230603
QNAP QTS	=5.1.0.2444-build_20230629
QNAP QTS	=5.1.0.2466-build_20230721
QNAP QTS	=5.1.1.2491-build_20230815
QNAP QTS	=5.1.2.2533-build_20230926
QNAP QTS	=5.1.3.2578-build_20231110
QNAP QTS	=5.1.4.2596-build_20231128
QNAP QTS	=5.1.5.2645-build_20240116
QNAP QTS	=5.1.5.2679-build_20240219
QNAP QTS	=5.1.6.2722-build_20240402
QNAP QuTS hero	=h5.1.0.2409-build_20230525
QNAP QuTS hero	=h5.1.0.2424-build_20230609
QNAP QuTS hero	=h5.1.0.2453-build_20230708
QNAP QuTS hero	=h5.1.0.2466-build_20230721
QNAP QuTS hero	=h5.1.1.2488-build_20230812
QNAP QuTS hero	=h5.1.2.2534-build_20230927
QNAP QuTS hero	=h5.1.3.2578-build_20231110
QNAP QuTS hero	=h5.1.4.2596-build_20231128
QNAP QuTS hero	=h5.1.5.2647-build_20240118
QNAP QuTS hero	=h5.1.5.2680-build_20240220
QNAP QuTS hero	=h5.1.6.2734-build_20240414

Remedy

We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-24-23

Frequently Asked Questions

What is the severity of CVE-2024-21902?
The severity of CVE-2024-21902 is assessed as critical due to its potential to allow authenticated users to read or modify critical resources.
How do I fix CVE-2024-21902?
To fix CVE-2024-21902, users should update their QNAP operating system to the latest patched version as detailed in the security advisory.
Which QNAP OS versions are affected by CVE-2024-21902?
CVE-2024-21902 affects several QNAP QTS and QuTS hero operating system versions, specifically those listed in the advisory.
Can CVE-2024-21902 be exploited remotely?
CVE-2024-21902 requires authentication, so exploitation must occur through an authenticated user on the network.
What impact does CVE-2024-21902 have on QNAP systems?
The impact of CVE-2024-21902 may include unauthorized access to critical resources, leading to data exposure or alteration.

agent/remedy
agent/weakness
agent/references
agent/title
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/severity
agent/tags
agent/source
vendor/qnap
canonical/qnap qts
version/qnap qts/5.1.0.2348-build_20230325
version/qnap qts/5.1.0.2399-build_20230515
version/qnap qts/5.1.0.2418-build_20230603
version/qnap qts/5.1.0.2444-build_20230629
version/qnap qts/5.1.0.2466-build_20230721
version/qnap qts/5.1.1.2491-build_20230815
version/qnap qts/5.1.2.2533-build_20230926
version/qnap qts/5.1.3.2578-build_20231110
version/qnap qts/5.1.4.2596-build_20231128
version/qnap qts/5.1.5.2645-build_20240116
version/qnap qts/5.1.5.2679-build_20240219
version/qnap qts/5.1.6.2722-build_20240402
canonical/qnap quts hero
version/qnap quts hero/h5.1.0.2409-build_20230525
version/qnap quts hero/h5.1.0.2424-build_20230609
version/qnap quts hero/h5.1.0.2453-build_20230708
version/qnap quts hero/h5.1.0.2466-build_20230721
version/qnap quts hero/h5.1.1.2488-build_20230812
version/qnap quts hero/h5.1.2.2534-build_20230927
version/qnap quts hero/h5.1.3.2578-build_20231110
version/qnap quts hero/h5.1.4.2596-build_20231128
version/qnap quts hero/h5.1.5.2647-build_20240118
version/qnap quts hero/h5.1.5.2680-build_20240220
version/qnap quts hero/h5.1.6.2734-build_20240414