CVE-2024-37048

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-24-43	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424::::::
	cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817::::::

Configuration 2 (hide)

OR	cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808::::::
	cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817::::::

History

23 Sep 2025, 13:44

Type	Values Removed	Values Added
CPE		cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:::::: cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:::::: cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:::::: cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:::::: cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:::::: cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:::::: cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711::::::
Summary		(es) Se ha informado de una vulnerabilidad de desreferencia de puntero NULL que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a atacantes remotos que hayan obtenido acceso de administrador lanzar un ataque de denegación de servicio (DoS). Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 5.2.1.2930, compilación 20241025 y posteriores QuTS hero h5.2.1.2929, compilación 20241025 y posteriores
References	~~() https://www.qnap.com/en/security-advisory/qsa-24-43 -~~	() https://www.qnap.com/en/security-advisory/qsa-24-43 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.9
First Time		Qnap quts Hero Qnap qts Qnap

22 Nov 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-22 16:15

Updated : 2025-09-23 13:44

NVD link : CVE-2024-37048

Mitre link : CVE-2024-37048

CVE.ORG link : CVE-2024-37048

JSON object : View

Products Affected

qnap

quts_hero
qts

CWE

CWE-476

NULL Pointer Dereference

4.9 /10