CNNVD-202510-424 Information

CNNVD ID

CNNVD-202510-424

Related CVE

CVE-2025-52429

• CNNVD Published: 2025-10-03

Description (Chinese)

QNAP QTS和QNAP QuTS hero都是中国台湾威联通科技（QNAP）公司的一个具有数据存储与管理功能的软件。 QNAP QTS 5.2.6.3195版本之前版本和QNAP QuTS hero h5.2.6.3195版本之前版本存在格式化字符串错误漏洞，该漏洞源于使用外部控制的格式字符串，可能导致获取秘密数据或修改内存。

Description (English)

QNAP QTS and QNAP QTS hero are both software with data storage and management functions at QNAP. The pre-QNAP QTS 5.2.6.3195 and pre-QNAP QTS hero h5.2.6.3195 have a formatted string error loop, which results from the use of externally controlled format strings, which may lead to the acquisition of secret data or to the modification of memory.

Hazard Level

High

Vulnerability Type

格式化字符串错误

Affected Vendor

威联通科技

Published

2025-10-03

Last Modified

2026-02-24

References

https://www.qnap.com/en/security-advisory/qsa-25-36

Patch

https://www.qnap.com/en/security-advisory/qsa-25-36