A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to launch a denial-of-service (DoS) attack via a network.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h188.8.131.525 build 20230907 and later
QuTS hero h184.108.40.2063 build 20230708 and later
QuTS hero h220.127.116.116 build 20230728 and later
QuTScloud c18.104.22.1688 and later
QTS 22.214.171.1244 build 20230629 and later
QTS 126.96.36.1997 build 20230718 and later