CVE-2024-50390

CWE-78 — OS Command Injection CWE-11883 documents3 sources

Severity

7.7HIGH

EPSS

0.4%

top 38.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems Inc. Qurouter Qnap Qurouter

Timeline

PublishedMar 7

Description

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5qnap_systems_inc./qurouter2.4.x — 2.4.5.032

▶NVDqnap/qurouter7 versions+6

🔴Vulnerability Details

CVEList

QHora↗2025-03-07

▶

GHSA

GHSA-vj79-3hwh-jcf7: A command injection vulnerability has been reported to affect QHora↗2025-03-07

▶