Authorization Bypass Vulnerability in Media Streaming Add-on by QNAP
CVE-2024-50395

Currently unrated

Key Information:

Vendor: QNAP
Status: Media Streaming add-on
Vendor: CVE Published:; 22 November 2024

Summary

A user-controlled key vulnerability has been discovered in the Media Streaming add-on, enabling local network attackers to bypass authorization mechanisms. Successful exploitation may lead to unauthorized privilege escalation, allowing attackers to gain access to restricted functionality. QNAP has addressed this issue in version 500.1.1.6, released on August 2, 2024, and strongly advises users to upgrade to prevent potential exploitation.

References

https://www.qnap.com/en/security-advisory/qsa-24-47

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Nov 22, 2024