CVE-2024-37042

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack.

We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later

Published: Nov 22, 2024
Updated: Nov 16, 2025
CVE: CVE-2024-37042
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.9
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-476

Affected Software
References

Software	From	Fixed in
qnap / qts	5.2.0.2737-build_20240417	5.2.0.2737-build_20240417.x
qnap / qts	5.2.0.2744-build_20240424	5.2.0.2744-build_20240424.x
qnap / qts	5.2.0.2782-build_20240601	5.2.0.2782-build_20240601.x
qnap / qts	5.2.0.2802-build_20240620	5.2.0.2802-build_20240620.x
qnap / qts	5.2.0.2823-build_20240711	5.2.0.2823-build_20240711.x
qnap / qts	5.2.0.2851-build_20240808	5.2.0.2851-build_20240808.x
qnap / qts	5.2.0.2860-build_20240817	5.2.0.2860-build_20240817.x
qnap / quts_hero	h5.2.0.2737-build_20240417	h5.2.0.2737-build_20240417.x
qnap / quts_hero	h5.2.0.2782-build_20240601	h5.2.0.2782-build_20240601.x
qnap / quts_hero	h5.2.0.2789-build_20240607	h5.2.0.2789-build_20240607.x
qnap / quts_hero	h5.2.0.2802-build_20240620	h5.2.0.2802-build_20240620.x
qnap / quts_hero	h5.2.0.2823-build_20240711	h5.2.0.2823-build_20240711.x
qnap / quts_hero	h5.2.0.2851-build_20240808	h5.2.0.2851-build_20240808.x
qnap / quts_hero	h5.2.0.2860-build_20240817	h5.2.0.2860-build_20240817.x

https://www.qnap.com/en/security-advisory/qsa-24-43

Vulnerability Database

308,820

CVE-2024-37042

Deep Security Visibility Without the Complexity