Lucene search

[email protected]CVE-2024-32764

HistoryApr 26, 2024 - 3:15 p.m.

CVE-2024-32764

2024-04-2615:15:48

CWE-306

CWE-749

CWE-346

[email protected]

web.nvd.nist.gov

cve-2024-32764

missing authentication

critical function

myqnapcloud link

privilege level

network

nvd

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.

We have already fixed the vulnerability in the following version:
myQNAPcloud Link 2.4.51 and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "myQNAPcloud Link",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.4.51",
        "status": "affected",
        "version": "2.4.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-09

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON

Related for CVE-2024-32764

vulnrichment1 nvd1 zdi1 cvelist1