CVE-2024-50388: HBS 3 Hybrid Backup Sync

9.5 CVSS

Description

An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands.

We have already fixed the vulnerability in the following version:
HBS 3 Hybrid Backup Sync 25.1.1.673 and later

Classification

CVE ID: CVE-2024-50388

CVSS Base Severity: CRITICAL

CVSS Base Score: 9.5

Affected Products

Vendor: QNAP Systems Inc.

Product: HBS 3 Hybrid Backup Sync

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.72% (proportion of vulnerabilities scored less than or equal to this one)

EPSS Date: 2025-02-03 (when this score was calculated)

References

https://www.qnap.com/en/security-advisory/qsa-24-41

Timeline