Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA

CVE-2023-50363

Published: 26/04/2024 Updated: 26/04/2024

Vulnerability Summary

An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to bypass intended access restrictions via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build 20240402 and later QuTS hero h5.1.6.2734 build 20240414 and later

Recent Articles

QNAP QTS zero-day in Share feature gets public RCE exploit
BleepingComputer • Bill Toulas • 20 May 2024

QNAP QTS zero-day in Share feature gets public RCE exploit By Bill Toulas May 20, 2024 10:57 AM 0 An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. Among them is CVE-2024-27130, an unpatched stack buffer overflow vulnerability in the 'No_Support_ACL' function of 'share.cgi,' which could enable an attacker to perform remote code execution when specific pr...

Read more...

References

CWE-285CWE-863https://www.qnap.com/en/security-advisory/qsa-24-20https://nvd.nist.govhttps://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSRFserver-side request forgeryCVE-2024-30067CVE-2024-5553CVE-2024-30095IDORCVE-2024-35252CVE-2024-23692CVE-2024-27801
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook