Lucene search

QnapCVELIST:CVE-2024-32764

HistoryApr 26, 2024 - 3:00 p.m.

CVE-2024-32764 myQNAPcloud Link

2024-04-2615:00:51

CWE-306

CWE-346

CWE-749

qnap

www.cve.org

cve-2024-32764

myqnapcloud link

missing authentication

critical function vulnerability

privilege level

network exploit

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.

We have already fixed the vulnerability in the following version:
myQNAPcloud Link 2.4.51 and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "myQNAPcloud Link",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.4.51",
        "status": "affected",
        "version": "2.4.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-09

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

9.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.9%

JSON

Related for CVELIST:CVE-2024-32764