VDB

GCVE-110-NCSC-2024-361

GCVE-110-NCSC-2024-361
Advisory PublishedCVSS 8.8/10
Vulnetix · Advisory published September 10, 2024
QNAP heeft kwetsbaarheden verholpen in QTS en QTS Hero.

Weaknesses (CWE)

CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-862Missing AuthorizationCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-307Improper Restriction of Excessive Authentication Attempts

Risk Scores

CVSS 3.1
8.8/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersionsPlatforms
qnap_systems_inc.quts_hero
qnapquts_hero
qnap_systems_inc.qts
qnapqts

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›