CRLF Injection Vulnerability in QNAP Operating Systems
CVE-2024-48868

Currently unrated

Key Information:

Vendor
QNAP
Vendor
CVE Published:
6 December 2024

Summary

A vulnerability has been identified in certain QNAP operating system versions that allows improper handling of CRLF sequences, known as CRLF Injection. This flaw could enable remote attackers to manipulate application data, potentially leading to unauthorized modifications. QNAP has addressed this issue in the latest builds of QTS and QuTS hero, ensuring enhanced security for users. It is crucial to update to the patched versions to mitigate possible exploitation risks.

References

Timeline

  • Vulnerability published

.