CVE-2024-50387: SMB Service

10.0 CVSS

Description

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.

We have already fixed the vulnerability in the following versions:
SMB Service 4.15.002 and later
SMB Service h4.15.002 and later

Classification

CVE ID: CVE-2024-50387

CVSS Base Severity: CRITICAL

CVSS Base Score: 10.0

Affected Products

Vendor: QNAP Systems Inc.

Product: SMB Service

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://www.qnap.com/en/security-advisory/qsa-24-42

Timeline