1. Home
  2. CVE Database
  3. CVE-2024-14026
HIGH · 7.8

CVE-2024-14026

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then explo...

Vulnerability Description

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.3.3006 build 20250108 and later

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
QnapQts5.1.0.2348
QnapQuts Heroh5.1.0.2409

Related Weaknesses (CWE)

CWE-78

References

FAQ

What is CVE-2024-14026?

CVE-2024-14026 is a vulnerability with a CVSS score of 7.8 (HIGH). A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then explo...

How severe is CVE-2024-14026?

CVE-2024-14026 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-14026?

Check the references section above for vendor advisories and patch information. Affected products include: Qnap Qts, Qnap Quts Hero.