CVE-2024-48861

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

7.3HIGH

EPSS

0.4%

top 38.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Qurouter Qnap Qurouter

Timeline

PublishedNov 22

Description

An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later

CVSS vector

CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶CVEListV5qnap_systems_inc./qurouter2.4.x — 2.4.4.106

▶NVDqnap/qurouter6 versions+5

🔴Vulnerability Details

GHSA

GHSA-m5jm-j4cj-7522: An OS command injection vulnerability has been reported to affect several product versions↗2024-11-22

▶

CVEList

QHora↗2024-11-22

▶