Lucene search

QnapVULNRICHMENT:CVE-2024-32764

HistoryApr 26, 2024 - 3:00 p.m.

CVE-2024-32764 myQNAPcloud Link

2024-04-2615:00:51

CWE-749

CWE-346

CWE-306

qnap

github.com

cve-2024-32764

myqnapcloud link

missing authentication

fixed vulnerability

network exploitation

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

28.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.

We have already fixed the vulnerability in the following version:
myQNAPcloud Link 2.4.51 and later

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:qnap:myqnapcloud_link:2.4:*:*:*:*:*:*:*"
    ],
    "vendor": "qnap",
    "product": "myqnapcloud_link",
    "versions": [
      {
        "status": "affected",
        "version": "2.4",
        "lessThan": "2.4.51",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

www.qnap.com/en/security-advisory/qsa-24-09

CVSS3

9.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

28.8%

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-32764