Login Sign Up

CVE-2024-56807

5.5 MEDIUM

📋 TL;DR

An out-of-bounds read vulnerability in QNAP Media Streaming add-on allows attackers with local network access to read sensitive memory contents. This affects QNAP NAS devices running vulnerable versions of the Media Streaming add-on. Attackers can potentially extract secret data from the application's memory.

💻 Affected Systems

Products:
  • QNAP Media Streaming add-on
Versions: All versions before 500.1.1.6
Operating Systems: QTS, QuTS hero
Default Config Vulnerable: ⚠️ Yes
Notes: Affects QNAP NAS devices with Media Streaming add-on installed. Requires local network access to exploit.

📦 What is this software?

Media Streaming Add On by Qnap

View all CVEs affecting Media Streaming Add On →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attacker extracts authentication tokens, encryption keys, or other sensitive data from memory, leading to complete system compromise or data exfiltration.

🟠

Likely Case

Attacker reads limited memory contents, potentially obtaining some sensitive information but not full system control.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to isolated network segments.

🌐 Internet-Facing: LOW (requires local network access according to advisory)
🏢 Internal Only: MEDIUM (exploitable from internal network, could lead to data leakage)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires local network access but no authentication. Out-of-bounds read vulnerabilities typically require specific conditions to extract useful data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Media Streaming add-on 500.1.1.6 (2024/08/02) and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-25-57

Restart Required: Yes

Instructions:

1. Log into QNAP NAS web interface. 2. Go to App Center. 3. Check for updates for Media Streaming add-on. 4. Update to version 500.1.1.6 or later. 5. Restart the add-on or NAS if required.

🔧 Temporary Workarounds

Disable Media Streaming add-on

all

Temporarily disable the vulnerable component until patching is possible

Log into QNAP web interface > App Center > Media Streaming > Stop/Disable

Network segmentation

all

Restrict access to QNAP NAS to trusted networks only

🧯 If You Can't Patch

  • Disable Media Streaming add-on completely
  • Implement strict network access controls to limit who can reach the NAS

🔍 How to Verify

Check if Vulnerable:

Check Media Streaming add-on version in QNAP App Center. If version is below 500.1.1.6, system is vulnerable.

Check Version:

Log into QNAP web interface > App Center > Media Streaming add-on details

Verify Fix Applied:

Confirm Media Streaming add-on version is 500.1.1.6 or higher in App Center.

📡 Detection & Monitoring

Log Indicators:

  • Unusual memory access patterns in system logs
  • Multiple failed memory read attempts

Network Indicators:

  • Unusual network traffic to Media Streaming service from unexpected internal sources

SIEM Query:

source="qnap_nas" AND (event="memory_access_error" OR event="out_of_bounds_read")

📊 Metadata

CVE ID: CVE-2024-56807
CVSS v3 Score: 5.5 (MEDIUM)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE: CWE-125
EPSS Score: 0.01% exploit probability (1.7th percentile)
Published: February 11, 2026
Last Updated: February 12, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-56807, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)