CNNVD-202510-407 Information

CNNVD ID

CNNVD-202510-407

Related CVE

CVE-2025-53407

• CNNVD Published: 2025-10-03

Description (Chinese)

QNAP QTS是中国台湾威联通科技（QNAP）公司的一个具有数据存储与管理功能的软件。 QNAP QTS 5.2.6.3195版本之前版本和QNAP QuTS hero h5.2.6.3195版本之前版本存在格式化字符串错误漏洞，该漏洞源于使用外部可控格式字符串，可能导致获取敏感数据或修改内存。

Description (English)

QNAP QTS is a software with data storage and management functions at QNAP. QNAP QTS 5.2.6.3195 and QNAP QETS hero h5.2.6.3195 have a formatted string error loophole, which results from the use of an externally controlled format string and may lead to the acquisition of sensitive data or the modification of memory.

Hazard Level

High

Vulnerability Type

格式化字符串错误

Affected Vendor

威联通科技

Published

2025-10-03

Last Modified

2026-02-24

References

https://www.qnap.com/en/security-advisory/qsa-25-36

Patch

https://www.qnap.com/en/security-advisory/qsa-25-36