CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
9.5%
An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later
Vendor | Product | Version | CPE |
---|---|---|---|
qnap | qts | 5.1.0.2348 | cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:* |
qnap | qts | 5.1.0.2399 | cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:* |
qnap | qts | 5.1.0.2418 | cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:* |
qnap | qts | 5.1.0.2444 | cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:* |
qnap | qts | 5.1.0.2466 | cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:* |
qnap | qts | 5.1.1.2491 | cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:* |
qnap | qts | 5.1.2.2533 | cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:* |
qnap | qts | 5.1.3.2578 | cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:* |
qnap | qts | 5.1.4.2596 | cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:* |
qnap | qts | 5.1.5.2645 | cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:* |