CVE-2024-50387

Опубликовано: 06 дек. 2024

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.

We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later

Ссылки

https://www.qnap.com/en/security-advisory/qsa-24-42
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qnap:smb_service:4.15.001:*:*:*:*:*:*:*

cpe:2.3:a:qnap:smb_service:h4.15.001:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.22018

Средний

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-5x22-49wv-3m34

CVSS3: 9.8

github

около 1 года назад

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later

BDU:2024-11621

CVSS3: 10

fstec

больше 1 года назад

Уязвимость службы SMB микропрограммного обеспечения сетевых устройств QNAP, позволяющая нарушителю выполнить произвольный код