CVE-2024-53693
HIGHDescription
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later
Is your site exposed to CVE-2024-53693?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| qnap | qts |
| qnap | qts |
| qnap | qts |
| qnap | qts |
| qnap | qts |
| qnap | qts |
| qnap | qts |
| qnap | qts |
| qnap | qts |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
| qnap | quts_hero |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-53693? +
How severe is CVE-2024-53693? +
What products are affected by CVE-2024-53693? +
How do I check if I'm vulnerable to CVE-2024-53693? +
Related Vulnerabilities
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows HTTP request splitting and cookie smuggling via unvalidated …
A privilege escalation vulnerability exists in the HTTP authentication component in Archer VX1800v v1. Improper handling of user-controlled input may …
sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow …
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field …
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in elixir-mint Mint allows HTTP Request Splitting and HTTP Request Smuggling. In …
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, several Net::IMAP …