Lucene search

QnapVULNRICHMENT:CVE-2024-32764

HistoryApr 26, 2024 - 3:00 p.m.

CVE-2024-32764 myQNAPcloud Link

2024-04-2615:00:51

CWE-346

CWE-749

CWE-306

qnap

github.com

cve-2024-32764

myqnapcloud link

missing authentication

fixed vulnerability

network exploitation

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.9%

JSON

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.

We have already fixed the vulnerability in the following version:
myQNAPcloud Link 2.4.51 and later

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "myQNAPcloud Link",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.4.51",
        "status": "affected",
        "version": "2.4.x",
        "versionType": "custom"
      }
    ]
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-09

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.9%

JSON

Related for VULNRICHMENT:CVE-2024-32764