What is the severity of CVE-2024-32763?

The severity of CVE-2024-32763 is considered high due to the potential for authenticated users to execute arbitrary code via a network.

How do I fix CVE-2024-32763?

To fix CVE-2024-32763, update your QNAP operating system to the latest version that addresses this vulnerability.

What versions of QNAP are affected by CVE-2024-32763?

CVE-2024-32763 affects various versions of QNAP QTS and QuTS hero, specifically those prior to the fixed builds mentioned in the advisory.

Can CVE-2024-32763 be exploited remotely?

Yes, CVE-2024-32763 can be exploited over the network, allowing attackers to execute code if they have authenticated access.

Is CVE-2024-32763 related to any specific QNAP products?

CVE-2024-32763 is related to multiple QNAP operating system versions, impacting devices reliant on the QNAP QTS and QuTS hero environments.

Vulnerability/
CVE-2024-32763

high

8.8

CWE

120 122

6/9/2024

20/9/2024

CVE-2024-32763: QTS, QuTS hero

First published: Fri Sep 06 2024(Updated: )

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS	=5.1.0.2348-build_20230325
QNAP QTS	=5.1.0.2399-build_20230515
QNAP QTS	=5.1.0.2418-build_20230603
QNAP QTS	=5.1.0.2444-build_20230629
QNAP QTS	=5.1.0.2466-build_20230721
QNAP QTS	=5.1.1.2491-build_20230815
QNAP QTS	=5.1.2.2533-build_20230926
QNAP QTS	=5.1.3.2578-build_20231110
QNAP QTS	=5.1.4.2596-build_20231128
QNAP QTS	=5.1.5.2645-build_20240116
QNAP QTS	=5.1.5.2679-build_20240219
QNAP QTS	=5.1.6.2722-build_20240402
QNAP QTS	=5.1.7.2770-build_20240520
QNAP QuTS hero	=h5.1.0.2409-build_20230525
QNAP QuTS hero	=h5.1.0.2424-build_20230609
QNAP QuTS hero	=h5.1.0.2453-build_20230708
QNAP QuTS hero	=h5.1.0.2466-build_20230721
QNAP QuTS hero	=h5.1.1.2488-build_20230812
QNAP QuTS hero	=h5.1.2.2534-build_20230927
QNAP QuTS hero	=h5.1.3.2578-build_20231110
QNAP QuTS hero	=h5.1.4.2596-build_20231128
QNAP QuTS hero	=h5.1.5.2647-build_20240118
QNAP QuTS hero	=h5.1.5.2680-build_20240220
QNAP QuTS hero	=h5.1.6.2734-build_20240414
QNAP QuTS hero	=h5.1.7.2770-build_20240520
QNAP QuTS hero	=h5.1.7.2788-build_20240607
QNAP QuTS hero	=h5.1.7.2794-build_20240613

Remedy

We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QuTS hero h5.1.8.2823 build 20240712 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-24-33

Frequently Asked Questions

What is the severity of CVE-2024-32763?
The severity of CVE-2024-32763 is considered high due to the potential for authenticated users to execute arbitrary code via a network.
How do I fix CVE-2024-32763?
To fix CVE-2024-32763, update your QNAP operating system to the latest version that addresses this vulnerability.
What versions of QNAP are affected by CVE-2024-32763?
CVE-2024-32763 affects various versions of QNAP QTS and QuTS hero, specifically those prior to the fixed builds mentioned in the advisory.
Can CVE-2024-32763 be exploited remotely?
Yes, CVE-2024-32763 can be exploited over the network, allowing attackers to execute code if they have authenticated access.
Is CVE-2024-32763 related to any specific QNAP products?
CVE-2024-32763 is related to multiple QNAP operating system versions, impacting devices reliant on the QNAP QTS and QuTS hero environments.

agent/references
agent/title
agent/remedy
agent/weakness
agent/type
agent/first-publish-date
agent/description
agent/author
agent/event
collector/mitre-cve
source/MITRE
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/severity
agent/softwarecombine
agent/tags
agent/source
vendor/qnap
canonical/qnap qts
version/qnap qts/5.1.0.2348-build_20230325
version/qnap qts/5.1.0.2399-build_20230515
version/qnap qts/5.1.0.2418-build_20230603
version/qnap qts/5.1.0.2444-build_20230629
version/qnap qts/5.1.0.2466-build_20230721
version/qnap qts/5.1.1.2491-build_20230815
version/qnap qts/5.1.2.2533-build_20230926
version/qnap qts/5.1.3.2578-build_20231110
version/qnap qts/5.1.4.2596-build_20231128
version/qnap qts/5.1.5.2645-build_20240116
version/qnap qts/5.1.5.2679-build_20240219
version/qnap qts/5.1.6.2722-build_20240402
version/qnap qts/5.1.7.2770-build_20240520
canonical/qnap quts hero
version/qnap quts hero/h5.1.0.2409-build_20230525
version/qnap quts hero/h5.1.0.2424-build_20230609
version/qnap quts hero/h5.1.0.2453-build_20230708
version/qnap quts hero/h5.1.0.2466-build_20230721
version/qnap quts hero/h5.1.1.2488-build_20230812
version/qnap quts hero/h5.1.2.2534-build_20230927
version/qnap quts hero/h5.1.3.2578-build_20231110
version/qnap quts hero/h5.1.4.2596-build_20231128
version/qnap quts hero/h5.1.5.2647-build_20240118
version/qnap quts hero/h5.1.5.2680-build_20240220
version/qnap quts hero/h5.1.6.2734-build_20240414
version/qnap quts hero/h5.1.7.2770-build_20240520
version/qnap quts hero/h5.1.7.2788-build_20240607
version/qnap quts hero/h5.1.7.2794-build_20240613