CVE-2024-50393 |
Description: A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50389 |
Description: A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50388 |
Description: An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.
We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.1.673 and later
CVSS: CRITICAL (9.5) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-50387 |
Description: A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.
We have already fixed the vulnerability in the following versions:
SMB Service 4.15.002 and later
SMB Service h4.15.002 and later
CVSS: CRITICAL (10.0) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-49580 |
Description: In JetBrains Ktor before 2.3.13, improper caching in HttpCache Plugin could lead to response information disclosure.
CVSS: MEDIUM (5.3) EPSS Score: 0.05%
December 7th, 2024 (5 months ago)
|
CVE-2024-48874 |
Description: Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services.
CVSS: CRITICAL (9.8) EPSS Score: 0.09%
December 7th, 2024 (5 months ago)
|
CVE-2024-48871 |
Description: The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request for which the webserver fails to properly check the input size before copying data to the stack, potentially allowing remote code execution.
CVSS: CRITICAL (9.8) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48868 |
Description: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: HIGH (8.7) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48867 |
Description: An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: MEDIUM (5.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|
CVE-2024-48866 |
Description: An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to put the system into an unexpected state.
We have already fixed the vulnerability in the following versions:
QTS 5.1.9.2954 build 20241120 and later
QTS 5.2.2.2950 build 20241114 and later
QuTS hero h5.1.9.2954 build 20241120 and later
QuTS hero h5.2.2.2952 build 20241116 and later
CVSS: LOW (2.3) EPSS Score: 0.04%
December 7th, 2024 (5 months ago)
|