CVE-2024-50387
published 2024-12-06CVE-2024-50387: A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers…
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
10.05%
95.0th percentile
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.
We have already fixed the vulnerability in the following version:
SMB Service 4.15.002 and later
SMB Service h4.15.002 and later
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | smb_service | — | — |
| qnap | smb_service | — | — |
| qnap_systems_inc | smb_service | >= 4.15.x < 4.15.002 | 4.15.002 |
| qnap_systems_inc | smb_service | >= h4.15.x < h4.15.002 | h4.15.002 |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2024-50387 is a SQL injection vulnerability in QNAP SMB Service; exploitation at Pwn2Own resulted in a root shell on a QNAP TS-464 NAS device — monitor for unexpected root-level process spawning from SMB Service processes ↗
- →Successful exploitation yields a root shell on the target NAS device — alert on root shell acquisition originating from SMB Service on QNAP devices ↗
- →Target device is QNAP TS-464 NAS; prioritize detection and patching on this model running unpatched SMB Service versions below 4.15.002 / h4.15.002 ↗
- ·Vulnerability is fixed in SMB Service 4.15.002 and later, and h4.15.002 and later; any QNAP device running an older SMB Service version remains vulnerable to remote SQL injection leading to root compromise ↗
- ·QNAP NAS devices are frequently targeted for ransomware and data theft; unpatched internet-exposed devices running vulnerable SMB Service versions are at elevated risk ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv4.010.0CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5x22-49wv-3m34: A SQL injection vulnerability has been reported to affect several QNAP operating system versions
ghsa_unreviewed·2024-12-06
CVE-2024-50387 [CRITICAL] CWE-89 GHSA-5x22-49wv-3m34: A SQL injection vulnerability has been reported to affect several QNAP operating system versions
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.
We have already fixed the vulnerability in the following version:
SMB Service 4.15.002 and later
SMB Service h4.15.002 and later
BSD
OpenBSD 7.4 Errata 013: SECURITY FIX
bsd_advisories·2024-02-13·CVSS 7.5
CVE-2023-50387 [HIGH] OpenBSD 7.4 Errata 013: SECURITY FIX
OpenBSD 7.4 Errata 013: SECURITY FIX
013: SECURITY FIX: February 13, 2024
All architectures DNSSEC protocol vulnerabilities have been discovered that render various DNSSEC validators victims of Denial Of Service while trying to validate specially crafted DNSSEC responses. Fix CVE-2023-50387 and CVE-2023-50868 in unwind(8) and unbound(8).
BSD
OpenBSD 7.3 Errata 026: SECURITY FIX
bsd_advisories·2024-02-13·CVSS 7.5
CVE-2023-50387 [HIGH] OpenBSD 7.3 Errata 026: SECURITY FIX
OpenBSD 7.3 Errata 026: SECURITY FIX
026: SECURITY FIX: February 13, 2024
All architectures DNSSEC protocol vulnerabilities have been discovered that render various DNSSEC validators victims of Denial Of Service while trying to validate specially crafted DNSSEC responses. Fix CVE-2023-50387 and CVE-2023-50868 in unwind(8) and unbound(8).
No detection rules found.
No public exploits indexed.
Bleepingcomputer
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
blogs_bleepingcomputer·2025-11-07·CVSS 8.1
CVE-2025-62847 [HIGH] QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
## QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
## Sergiu Gatlan
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition.
The flaws impact QNAP's QTS and QuTS hero operating systems (CVE-2025-62847, CVE-2025-62848, CVE-2025-62849) and the company's Hyper Data Protector (CVE-2025-59389), Malware Remover (CVE-2025-11837), and HBS 3 Hybrid Backup Sync (CVE-2025-62840, CVE-2025-62842) software.
QNAP said in advisories published on Friday that the security bugs were demonstrated at Pwn2Own by the Summoning Team, DEVCORE, Team DDOS, and a CyCraft technology intern.
To patch these security flaws, QNAP recommends updating software to the latest version and chan
Checkpoint
4th November – Threat Intelligence Report
blogs_checkpoint·2024-11-04
CVE-2024-10443 4th November – Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 4th November – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 4th November, please download our Threat Intelligence Bulletin .
TOP ATTACKS AND BREACHES
Free, the second-largest telecom company in France, has been hit by a cyberattack resulting in unauthorized access to personal data associated with certain subscriber accounts. The incident surfaced following an attempted sale of stolen customer data on a cybercrime forum, impacting potentially up to 19 million customers.
Bleepingcomputer
QNAP patches second zero-day exploited at Pwn2Own to get root
blogs_bleepingcomputer·2024-10-30·CVSS 10.0
CVE-2024-50387 [CRITICAL] QNAP patches second zero-day exploited at Pwn2Own to get root
## QNAP patches second zero-day exploited at Pwn2Own to get root
## Sergiu Gatlan
QNAP has released security patches for a second zero-day bug exploited by security researchers during last week's Pwn2Own hacking contest.
This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387 , was found in QNAP's SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later.
The zero-day flaw was patched one week after allowing YingMuo (working with the DEVCORE Internship Program) to get a root shell and take over a QNAP TS-464 NAS device at Pwn2Own Ireland 2024.
On Tuesday, the company fixed another zero-day in its HBS 3 Hybrid Backup Sync disaster recovery and data backup solution, exploited by Viettel Cyber Security's team at Pwn2Own to execute arbitrary co
2024-12-06
Published