CVE-2024-50404 MEDIUM

CVE-2024-50404: Qsync Central

Vendor Qnap Systems Inc.
Product Qsync Central
Weakness CWE-59
Published December 6, 2024
Last update December 6, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later

Key dates

02Disclosure timeline

December 6, 2024 CVE published
December 6, 2024 Record updated