CVE-2024-27130

HIGH

CVSS v3

8.8

HIGH

EPSS Score

81.0%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Technical Details

Published
5/21/2024

Frequently Asked Questions

What is CVE-2024-27130?

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

Is CVE-2024-27130 actively exploited?

Active exploitation of CVE-2024-27130 has not been confirmed. The EPSS score is 81.0%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2024-27130?

CVE-2024-27130 has a CVSS v3 base score of 8.8 (HIGH severity).

Is CVE-2024-27130 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.