CVE-2024-38643

CWE-306Missing Authentication4 documents4 sources
Severity
9.3CRITICAL
EPSS
1.5%
top 18.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Notes Station 3Qnap Notes Station 3
Timeline
PublishedNov 22
Latest updateNov 25

Description

A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDqnap/notes_station_33.9.03.9.7
CVEListV5qnap_systems_inc./notes_station_33.9.x3.9.7

🔴Vulnerability Details

2
GHSA
GHSA-2g2v-h26j-4qfh: A missing authentication for critical function vulnerability has been reported to affect Notes Station 32024-11-22
CVEList
Notes Station 32024-11-22

🕵️Threat Intelligence

1
Bleepingcomputer
QNAP addresses critical flaws across NAS, router software2024-11-25
CVE-2024-38643 (CRITICAL CVSS 9.3) | A missing authentication for critic | cvebase.io