CVE-2024-13087

CWE-78OS Command Injection3 documents3 sources
Severity
2.4LOW
EPSS
0.1%
top 74.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. QurouterQnap Qurouter
Timeline
PublishedJun 6

Description

A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5qnap_systems_inc./qurouter2.4.x2.4.6.028
NVDqnap/qurouter9 versions+8

🔴Vulnerability Details

2
CVEList
QHora2025-06-06
GHSA
GHSA-7c8j-xg5r-5j56: A command injection vulnerability has been reported to affect QHora2025-06-06