CVE-2024-48861

QHora

CVSS 7.3 HIGHEPSS 0.8%CWE-77 CWE-78

An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected products

QNAP Systems Inc. · QuRouter

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.qnap.com/en/security-advisory/qsa-24-44