CVE-2024-14026

Published: Mar 11, 2026 Last Modified: Mar 12, 2026
ExploitDB:
Other exploit source:
Google Dorks:
LOW 2,0
Source: [email protected]
Attack Vector: physical
Attack Complexity: low
Privileges Required: low
User Interaction: active
Confidentiality: N/A
Integrity: N/A
Availability: N/A
HIGH 7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high

Description

AI Translation Available

A command injection vulnerability has been reported to affect several QNAP operating system versions. If an attacker gains local network access who have also gained a user account, they can then exploit the vulnerability to execute arbitrary commands.

We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.3.3006 build 20250108 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.3.3006 build 20250108 and later

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0023
Percentile
0,5th
Updated

EPSS Score Trend (Last 7 Days)

78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability Non-Repudiation
Potential Impacts:
Execute Unauthorized Code Or Commands Dos: Crash, Exit, Or Restart Read Files Or Directories Modify Files Or Directories Read Application Data Modify Application Data Hide Activities
Applicable Platforms
Technologies: AI/ML, Not Technology-Specific, Web Server
Likelihood of Exploit: High
View CWE Details
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.5.2680
cpe:2.3:o:qnap:quts_hero:h5.1.5.2680:build_20240220:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.0.2782
cpe:2.3:o:qnap:qts:5.2.0.2782:build_20240601:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.0.2744
cpe:2.3:o:qnap:qts:5.2.0.2744:build_20240424:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.0.2782
cpe:2.3:o:qnap:quts_hero:h5.2.0.2782:build_20240601:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.0.2348
cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.7.2794
cpe:2.3:o:qnap:quts_hero:h5.1.7.2794:build_20240613:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.0.2444
cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.3.2578
cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:build_20231110:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.8.2823
cpe:2.3:o:qnap:qts:5.1.8.2823:build_20240712:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.0.2453
cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.0.2851
cpe:2.3:o:qnap:qts:5.2.0.2851:build_20240808:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.5.2679
cpe:2.3:o:qnap:qts:5.1.5.2679:build_20240219:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.0.2466
cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.0.2802
cpe:2.3:o:qnap:quts_hero:h5.2.0.2802:build_20240620:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.2.2950
cpe:2.3:o:qnap:qts:5.2.2.2950:build_20241114:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.3.2578
cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.1.2488
cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.7.2788
cpe:2.3:o:qnap:quts_hero:h5.1.7.2788:build_20240607:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.0.2409
cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.0.2802
cpe:2.3:o:qnap:qts:5.2.0.2802:build_20240620:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.5.2647
cpe:2.3:o:qnap:quts_hero:h5.1.5.2647:build_20240118:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.1.2940
cpe:2.3:o:qnap:quts_hero:h5.2.1.2940:build_20241105:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.2.2533
cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.0.2418
cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.4.2596
cpe:2.3:o:qnap:qts:5.1.4.2596:build_20231128:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.2.2534
cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.0.2823
cpe:2.3:o:qnap:quts_hero:h5.2.0.2823:build_20240711:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.0.2860
cpe:2.3:o:qnap:quts_hero:h5.2.0.2860:build_20240817:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.6.2734
cpe:2.3:o:qnap:quts_hero:h5.1.6.2734:build_20240414:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.4.2596
cpe:2.3:o:qnap:quts_hero:h5.1.4.2596:build_20231128:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.0.2851
cpe:2.3:o:qnap:quts_hero:h5.2.0.2851:build_20240808:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.7.2770
cpe:2.3:o:qnap:quts_hero:h5.1.7.2770:build_20240520:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.0.2823
cpe:2.3:o:qnap:qts:5.2.0.2823:build_20240711:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.5.2645
cpe:2.3:o:qnap:qts:5.1.5.2645:build_20240116:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.0.2399
cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.0.2737
cpe:2.3:o:qnap:quts_hero:h5.2.0.2737:build_20240417:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.1.2491
cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.0.2789
cpe:2.3:o:qnap:quts_hero:h5.2.0.2789:build_20240607:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.0.2466
cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.8.2823
cpe:2.3:o:qnap:quts_hero:h5.1.8.2823:build_20240712:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.1.2929
cpe:2.3:o:qnap:quts_hero:h5.2.1.2929:build_20241025:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.7.2770
cpe:2.3:o:qnap:qts:5.1.7.2770:build_20240520:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.1.2930
cpe:2.3:o:qnap:qts:5.2.1.2930:build_20241025:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.1.6.2722
cpe:2.3:o:qnap:qts:5.1.6.2722:build_20240402:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.2.2.2952
cpe:2.3:o:qnap:quts_hero:h5.2.2.2952:build_20241116:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.0.2737
cpe:2.3:o:qnap:qts:5.2.0.2737:build_20240417:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Quts Hero by Qnap

Product Information
Vendor Qnap
Product Quts Hero
Version h5.1.0.2424
cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Qts by Qnap

Product Information
Vendor Qnap
Product Qts
Version 5.2.0.2860
cpe:2.3:o:qnap:qts:5.2.0.2860:build_20240817:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://www.qnap.com/en/security-advisory/qsa-24-54
https://www.qnap.com/en/security-advisory/qsa-24-54