ByteOS Network

NVD Vulnerability Details :

CVE-2024-21901

Analyzed

Source-security@qnapsecurity.com.tw

Published At-08 Mar, 2024 | 17:15

Updated At-13 Mar, 2024 | 14:23

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Secondary	3.1	4.7	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CPE Matches

QNAP Systems, Inc.

>>myqnapcloud>>Versions before 1.0.52(exclusive)

cpe:2.3:a:qnap:myqnapcloud:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>Versions before 4.5.4.2627(exclusive)

cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>4.5.4.2627

cpe:2.3:o:qnap:qts:4.5.4.2627:-:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-89	Primary	security@qnapsecurity.com.tw

References

Hyperlink	Source	Resource
https://www.qnap.com/en/security-advisory/qsa-24-09	security@qnapsecurity.com.tw	Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History