CVE-2024-38644

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
8.7HIGH
EPSS
1.8%
top 17.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Notes Station 3Qnap Notes Station 3
Timeline
PublishedNov 22

Description

An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

NVDqnap/notes_station_33.9.03.9.7
CVEListV5qnap_systems_inc./notes_station_33.9.x3.9.7

🔴Vulnerability Details

2
CVEList
Notes Station 32024-11-22
GHSA
GHSA-v94v-33c2-x5m5: An OS command injection vulnerability has been reported to affect Notes Station 32024-11-22
CVE-2024-38644 (HIGH CVSS 8.7) | An OS command injection vulnerabili | cvebase.io