CVE-2024-50404 — Link Following in Systems INC Qsync Central

CWE-59 — Link Following3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

37.8%

top 2.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Qsync Central Qnap Qsync Central

Timeline

PublishedDec 6

Description

A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5qnap_systems_inc/qsync_central4.4.x.x — 4.4.0.16_20240819 ( 2024/08/19 )

▶NVDqnap/qsync_central4.4.0 — 4.4.0.16

🔴Vulnerability Details

CVEList

Qsync Central↗2024-12-06

▶

GHSA

GHSA-f4rv-5346-m4jx: A link following vulnerability has been reported to affect Qsync Central↗2024-12-06

▶