CRLF Injection Vulnerability in QNAP Operating Systems
CVE-2024-48868
Currently unrated
Summary
A vulnerability has been identified in certain QNAP operating system versions that allows improper handling of CRLF sequences, known as CRLF Injection. This flaw could enable remote attackers to manipulate application data, potentially leading to unauthorized modifications. QNAP has addressed this issue in the latest builds of QTS and QuTS hero, ensuring enhanced security for users. It is crucial to update to the patched versions to mitigate possible exploitation risks.
References
Timeline
Vulnerability published