CVE-2024-53700 — Command Injection in Systems INC Qurouter

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

0.3%

top 51.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qnap Systems INC Qurouter Qnap Qurouter

Timeline

PublishedMar 7

Description

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5qnap_systems_inc/qurouter2.4.x — 2.4.6.028

▶NVDqnap/qurouter8 versions+7

🔴Vulnerability Details

GHSA

GHSA-gv88-vwqw-9qgj: A command injection vulnerability has been reported to affect QHora↗2025-03-07

▶

CVEList

QHora↗2025-03-07

▶