Command Injection Vulnerability in QHora by QNAP
CVE-2024-53700
5.1MEDIUM
Summary
A command injection vulnerability in QHora allows remote attackers with administrator access to execute arbitrary commands on the device. This could lead to unauthorized actions within the system, compromising the integrity and security of the network. Users are strongly advised to upgrade to version 2.4.6.028 or later to mitigate this security risk.
Affected Version(s)
QuRouter 2.4.x < 2.4.6.028
References
CVSS V4
Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Freddo Espresso (Evangelos Daravigkas)