CVE-2024-53696— QuLog Center
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-53696
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
QuLog Center
Source: NVD (National Vulnerability Database)
Vulnerability Description
A server-side request forgery (SSRF) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.829 ( 2024/10/01 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later QTS 4.5.4.2957 build 20241119 and later QuTS hero h4.5.4.2956 build 20241119 and later
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
QNAP Systems QTS、QNAP Systems QuTS hero和QNAP Systems QuLog Center 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
QNAP Systems QuLog Center等都是中国威联通科技(QNAP Systems)公司的产品。QNAP Systems QuLog Center是一个报告栏,里面记录了系统汇报出来的各项事件。QNAP Systems QTS是一个入门操作系统。QNAP Systems QuTS hero是一个操作系统。 QNAP Systems QTS、QNAP Systems QuTS hero和QNAP Systems QuLog Center存在代码问题漏洞,该漏洞源于服务端请求伪造,可能导致远程攻
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| QNAP Systems Inc. | QuLog Center | 1.7.x.x ~ 1.7.0.829 ( 2024/10/01 ) | - | |
| QNAP Systems Inc. | QTS | 4.5.x ~ 4.5.4.2957 build 20241119 | - | |
| QNAP Systems Inc. | QuTS hero | h4.5.x ~ h4.5.4.2956 build 20241119 | - |
II. Public POCs for CVE-2024-53696
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-53696
请登录查看更多情报信息。
Same Patch Batch · QNAP Systems Inc. · 2025-03-07 · 15 CVEs total
| CVE-2024-13086 | 5.3 MEDIUM | QTS, QuTS hero |
| CVE-2024-38638 | QTS, QuTS hero | |
| CVE-2024-48864 | File Station 5 | |
| CVE-2024-50390 | QHora | |
| CVE-2024-50394 | Helpdesk | |
| CVE-2024-50405 | QTS, QuTS hero | |
| CVE-2024-53692 | QTS, QuTS hero | |
| CVE-2024-53693 | QTS, QuTS hero | |
| CVE-2024-53694 | QVPN Device Client, Qsync, Qfinder Pro | |
| CVE-2024-53695 | HBS 3 Hybrid Backup Sync | |
| CVE-2024-53697 | QTS, QuTS hero | |
| CVE-2024-53698 | QTS, QuTS hero | |
| CVE-2024-53699 | QTS, QuTS hero | |
| CVE-2024-53700 | QHora |
IV. Related Vulnerabilities
Same weakness: CWE-918
- CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-44313
LinkWarden: Server-Side Request Forgery (SSRF) in Link Creat - CVE-2026-42352
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processe - CVE-2026-42346
Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validatio - CVE-2026-42339
New API: SSRF Filter Bypass via 0.0.0.0
V. Comments for CVE-2024-53696
No comments yet