Published: 08/03/2024 Updated: 13/03/2024

CVSS v3 Base Score: 4.7 | Impact Score: 3.4 | Exploitability Score: 1.2

VMScore: 0

A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later

Vulnerable Product	Search on Vulmon	Subscribe to Product
qnap qts 4.5.4.2627
qnap qts
qnap myqnapcloud

QNAP warns of critical auth bypass flaw in its NAS devices

BleepingComputer • Bill Toulas • 08 Mar 2024

QNAP warns of critical auth bypass flaw in its NAS devices By Bill Toulas March 8, 2024 03:03 PM 0 QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection. While the last two require the attackers to be authenticated...

CVE-2024-21901

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect