Improper URL Encoding in QNAP Operating Systems
CVE-2024-48866

Currently unrated

Key Information:

Vendor: QNAP
Status: QNAP Operating System
Vendor: CVE Published:; 6 December 2024

Summary

The reported vulnerability involves improper handling of URL encoding (Hex Encoding) in multiple versions of QNAP operating systems. Exploitation of this flaw could enable remote attackers to force the system into unpredictable behavior, potentially compromising system integrity and security. QNAP has addressed this issue in several newer versions, providing users with necessary updates to secure their systems against such exploits. It is strongly recommended for users to upgrade to the specified versions to mitigate the risk.

References

https://www.qnap.com/en/security-advisory/qsa-24-49

Timeline

Vulnerability published
Dec 6, 2024