ByteOS Network

NVD Vulnerability Details :

CVE-2024-50394

Analyzed

Source-security@qnapsecurity.com.tw

Published At-07 Mar, 2025 | 17:15

Updated At-22 Jan, 2026 | 18:30

An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	4.0	7.7	HIGH	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 4.0

Base score: 7.7

Base severity: HIGH

Vector:

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Type: Primary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CPE Matches

QNAP Systems, Inc.

>>helpdesk>>Versions from 3.3.1(inclusive) to 3.3.3(exclusive)

cpe:2.3:a:qnap:helpdesk:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Secondary	security@qnapsecurity.com.tw

CWE ID: CWE-295

Type: Secondary

Source: security@qnapsecurity.com.tw

References

Hyperlink	Source	Resource
https://www.qnap.com/en/security-advisory/qsa-25-05	security@qnapsecurity.com.tw	Vendor Advisory

Hyperlink: https://www.qnap.com/en/security-advisory/qsa-25-05

Source: security@qnapsecurity.com.tw

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History