CVE-2024-50387

Summary

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.

We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later

Affected Software

VendorProductVersion RangeStatus
QNAP Systems Inc.SMB Service4.15.x < 4.15.002affected
QNAP Systems Inc.SMB Serviceh4.15.x < h4.15.002affected

Weaknesses

  • CWE-89: CWE-89

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

References