External Format String Vulnerability in QNAP Operating Systems
CVE-2024-50402

Currently unrated

Key Information:

Vendor: QNAP
Status: QNAP Operating System
Vendor: CVE Published:; 6 December 2024

Summary

An externally-controlled format string vulnerability in several QNAP operating system versions can be exploited by remote attackers with administrator access. This could potentially grant them the ability to access sensitive data or modify the system's memory. The issue has been resolved in later versions of QTS and QuTS hero.

References

https://www.qnap.com/en/security-advisory/qsa-24-49

Timeline

Vulnerability published
Dec 6, 2024