cbcvebase.
CVE-2024-50405
published 2025-03-07

CVE-2024-50405: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited…

PriorityP428medium5.5CVSS 3.1
AVNACLPRHUINSCCNILAL
EPSS
0.38%
30.0th percentile
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.2.3.3006 build 20250108 and later QuTS hero h5.2.3.3006 build 20250108 and later

Affected

21 ranges
VendorProductVersion rangeFixed in
qnapqts
qnapqts
qnapqts
qnapqts
qnapqts
qnapqts
qnapqts
qnapqts
qnapqts
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnapquts_hero
qnap_systems_incqts>= 5.2.x < 5.2.3.3006 build 202501085.2.3.3006 build 20250108
qnap_systems_incquts_hero>= h5.2.x < h5.2.3.3006 build 20250108h5.2.3.3006 build 20250108

CVSS provenance

nvdv3.15.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L
nvdv4.05.1MEDIUMCVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.