CRLF Injection Vulnerability in QNAP Operating Systems
CVE-2024-48867

Currently unrated

Key Information:

Vendor: QNAP
Status: QNAP Operating Systems
Vendor: CVE Published:; 6 December 2024

Summary

A CRLF Injection vulnerability has been identified in various QNAP operating systems, allowing unauthorized remote attackers to inject malicious sequences that can lead to the modification of application data. This vulnerability is applicable to specified versions of QTS and QuTS hero, emphasizing the need for prompt updates to mitigate potential exploits and safeguard your systems from unauthorized data manipulation.

References

https://www.qnap.com/en/security-advisory/qsa-24-49

Timeline

Vulnerability published
Dec 6, 2024