CVE-2024-32771

Summary

An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors. QuTScloud is not affected.

We have already fixed the vulnerability in the following versions: QTS 5.2.0.2782 build 20240601 and later QuTS hero h5.2.0.2782 build 20240601 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.QTS5.1.x < 5.2.0.2782 build 20240601affected
QNAP Systems Inc.QTS5.0.xunaffected
QNAP Systems Inc.QTS4.5.xunaffected
QNAP Systems Inc.QuTS heroh5.1.x < h5.2.0.2782 build 20240601affected
QNAP Systems Inc.QuTS heroh5.0.xunaffected
QNAP Systems Inc.QuTS heroh4.5.xunaffected
QNAP Systems Inc.QuTScloudc5.0.xunaffected

Weaknesses

  • CWE-307: CWE-307

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References