CVE-2024-50389

CWE-89 — SQL Injection3 documents3 sources

Severity

9.5CRITICAL

EPSS

1.6%

top 18.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Qurouter Qnap Qurouter

Timeline

PublishedDec 6

Description

A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

▶CVEListV5qnap_systems_inc./qurouter2.4.x — 2.4.5.032

▶NVDqnap/qurouter7 versions+6

🔴Vulnerability Details

CVEList

QuRouter↗2024-12-06

▶

GHSA

GHSA-5p7p-gj53-x6pp: A SQL injection vulnerability has been reported to affect QuRouter↗2024-12-06

▶