CVE-2024-13086

An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QTS 5.2.0.2851 build 20240808 and later QuTS hero h5.2.0.2851 build 20240808 and later

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.qnap.com/en/security-advisory/qsa-25-03	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:qnap:qts::::::::
	cpe:2.3:o:qnap:quts_hero::::::::

History

30 Jan 2026, 18:54

Type	Values Removed	Values Added
First Time		Qnap qts Qnap quts Hero Qnap
CPE		cpe:2.3:o:qnap:qts:::::::: cpe:2.3:o:qnap:quts_hero::::::::
References	~~() https://www.qnap.com/en/security-advisory/qsa-25-03 -~~	() https://www.qnap.com/en/security-advisory/qsa-25-03 - Vendor Advisory
Summary		(es) Se ha informado de una vulnerabilidad de exposición de información confidencial que afecta al producto. Si se explota, la vulnerabilidad podría permitir a atacantes remotos comprometer la seguridad del sistema. Ya hemos corregido la vulnerabilidad en la siguiente versión: QTS 5.2.0.2851 build 20240808 y posteriores QuTS hero h5.2.0.2851 build 20240808 y posteriores

07 Mar 2025, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-07 17:15

Updated : 2026-01-30 18:54

NVD link : CVE-2024-13086

Mitre link : CVE-2024-13086

CVE.ORG link : CVE-2024-13086

JSON object : View

Products Affected

qnap

qts
quts_hero

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-13086", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-07T17:15:18.430", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-25-03", "tags": ["Vendor Advisory"], "source": "security@qnapsecurity.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@qnapsecurity.com.tw", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.\n\nWe have already fixed the vulnerability in the following version:\nQTS 5.2.0.2851 build 20240808 and later\nQuTS hero h5.2.0.2851 build 20240808 and later"}, {"lang": "es", "value": "Se ha informado de una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial que afecta al producto. Si se explota, la vulnerabilidad podr\u00eda permitir a atacantes remotos comprometer la seguridad del sistema. Ya hemos corregido la vulnerabilidad en la siguiente versi\u00f3n: QTS 5.2.0.2851 build 20240808 y posteriores QuTS hero h5.2.0.2851 build 20240808 y posteriores"}], "lastModified": "2026-01-30T18:54:35.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D35E354-F154-4E4B-B92C-B167258C2EED", "versionEndExcluding": "5.2.0.2851", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A25A4BC-D282-4320-AFD6-111693CAF1C0", "versionEndExcluding": "h5.2.0.2851", "versionStartIncluding": "h5.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@qnapsecurity.com.tw"}