CVE-2024-50404

MEDIUM EPSS 68.4%

Published Dec 6, 20241y ago · Modified Jun 17, 20261w ago

6.8 CVSS 4.0

Medium

Published Dec 6, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later

CVSS Details

Base Score

6.8

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction A

Scope X

Threat Intelligence

EPSS Exploit Probability

68.4% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-59

Affected Products 1

Vendor	Product	Version	Range
qnap	qsync_central	*	≥4.4.0 – <4.4.0.16

References 1

qnap.com https://www.qnap.com/en/security-advisory/qsa-24-48

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.