CVE-2024-38638

7.2 HIGH

📋 TL;DR

An out-of-bounds write vulnerability in QNAP operating systems allows remote attackers with administrator access to modify or corrupt memory. This affects QTS and QuTS hero versions before the patched releases. Systems running QTS 5.2.x/QuTS hero h5.2.x are not vulnerable.

💻 Affected Systems

Products:
  • QNAP QTS
  • QNAP QuTS hero
Versions: Versions before QTS 5.1.9.2954 and QuTS hero h5.1.9.2954
Operating Systems: QNAP NAS operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: QTS 5.2.x and QuTS hero h5.2.x are not affected. Requires administrator access to exploit.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment

🟠

Likely Case

Memory corruption causing system instability, crashes, or denial of service

🟢

If Mitigated

Limited impact, since exploitation requires administrator credentials and a properly segmented network keeps the device off untrusted paths

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires administrator credentials. No public exploit code known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QTS 5.1.9.2954 build 20241120 or later, QuTS hero h5.1.9.2954 build 20241120 or later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-24-52

Restart Required: No

Instructions:

1. Log into the QNAP web interface.
2. Go to Control Panel > System > Firmware Update.
3. Check for updates and install QTS 5.1.9.2954 (or QuTS hero h5.1.9.2954) or later.
4. Verify that the update completes successfully.

🔧 Temporary Workarounds

Restrict Administrator Access (applies to: all versions)

Limit administrator accounts to only necessary personnel and implement strong authentication

Network Segmentation (applies to: all versions)

Isolate QNAP devices from the internet and restrict access to trusted networks only

🧯 If You Can't Patch

  • Remove QNAP devices from internet-facing networks immediately
  • Implement strict access controls and monitor for suspicious administrator activity

🔍 How to Verify

Check if Vulnerable:

Check QTS/QuTS hero version in Control Panel > System > Firmware Update

Check Version:

Run: ssh admin@qnap-ip 'cat /etc/version' (replace qnap-ip with the device address), or read the version from the web interface

Verify Fix Applied:

Verify version is QTS 5.1.9.2954 or later, or QuTS hero h5.1.9.2954 or later
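The version check above is easy to get wrong when comparing strings (5.1.10 sorts below 5.1.9 as text). The following script is an added example, not code from the advisory or from QNAP; it assumes the device reports a version string such as "5.1.8.2823" or "h5.1.8.2823", optionally followed by " build YYYYMMDD", and classifies each entry of a constructed inventory against the fixed release.

```python
"""Added example, not from the advisory or from QNAP: classify QTS / QuTS hero
version strings against the CVE-2024-38638 fixed release.

Assumption (not confirmed by the page): the string the device reports, e.g.
via 'cat /etc/version', looks like "5.1.8.2823" (QTS) or "h5.1.8.2823"
(QuTS hero), optionally followed by " build YYYYMMDD". Anything else raises.
"""
import re

# First fixed release from the advisory: QTS 5.1.9.2954 / QuTS hero h5.1.9.2954.
FIXED = (5, 1, 9, 2954)

_VERSION_RE = re.compile(
    r"^(?P<hero>h?)(?P<nums>\d+(?:\.\d+){0,3})(?:\s+build\s+\d{8})?$", re.I
)


def parse_version(raw):
    """Return (product_name, 4-tuple of ints). An 'h' prefix means QuTS hero."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {raw!r}")
    product = "QuTS hero" if m.group("hero") else "QTS"
    parts = [int(p) for p in m.group("nums").split(".")]
    parts += [0] * (4 - len(parts))          # "5.1" compares like 5.1.0.0
    return product, tuple(parts)


def is_affected(raw):
    """True for any release older than the fix. Tuple comparison keeps
    5.1.10.x above 5.1.9.x (a plain string compare would get that wrong)
    and makes every 5.2.x release compare as not affected, as the advisory states."""
    _, parts = parse_version(raw)
    return parts < FIXED


def triage(inventory):
    """Map hostname -> 'affected' / 'not affected' for a {host: version} dict."""
    return {host: ("affected" if is_affected(v) else "not affected")
            for host, v in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "nas-01": "5.1.8.2823 build 20240812",
        "nas-02": "h5.1.9.2954 build 20241120",
        "nas-03": "5.2.1.2930",
        "nas-04": "5.1.10.3000",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```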

📡 Detection & Monitoring

Log Indicators:

  • Unexpected memory access errors
  • System crashes or reboots
  • Unusual administrator login patterns

Network Indicators:

  • Unusual outbound connections from QNAP device
  • Traffic to unexpected ports

SIEM Query:

source="qnap" AND (event_type="memory_error" OR event_type="crash" OR (user="admin" AND login_failure>3))
