CVE-2024-48860

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

9.5CRITICAL

EPSS

1.1%

top 22.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Qurouter Qnap Qurouter

Timeline

PublishedNov 22

Description

An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶CVEListV5qnap_systems_inc./qurouter2.4.x — 2.4.3.103

▶NVDqnap/qurouter5 versions+4

🔴Vulnerability Details

GHSA

GHSA-8qxc-g23q-chq5: An OS command injection vulnerability has been reported to affect several product versions↗2024-11-22

▶

CVEList

QHora↗2024-11-22

▶