CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13087

A command injection vulnerability has been reported to affect QHora. If an attacker gains local network access who have also gained an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.6.028 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 38.8%

CVSS Severity

CVSS v3 Score 6.7

References

https://www.qnap.com/en/security-advisory/qsa-25-15

Products affected by CVE-2024-13087

Qnap » Qurouter » Version: 2.4.0.190

cpe:2.3:o:qnap:qurouter:2.4.0.190
Qnap » Qurouter » Version: 2.4.1.172

cpe:2.3:o:qnap:qurouter:2.4.1.172
Qnap » Qurouter » Version: 2.4.1.634

cpe:2.3:o:qnap:qurouter:2.4.1.634
Qnap » Qurouter » Version: 2.4.2.317

cpe:2.3:o:qnap:qurouter:2.4.2.317
Qnap » Qurouter » Version: 2.4.2.538

cpe:2.3:o:qnap:qurouter:2.4.2.538
Qnap » Qurouter » Version: 2.4.3.103

cpe:2.3:o:qnap:qurouter:2.4.3.103
Qnap » Qurouter » Version: 2.4.4.106

cpe:2.3:o:qnap:qurouter:2.4.4.106
Qnap » Qurouter » Version: 2.4.5.032

cpe:2.3:o:qnap:qurouter:2.4.5.032
Qnap » Qurouter » Version: 2.4.6.028

cpe:2.3:o:qnap:qurouter:2.4.6.028

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-13087

Products

Pricing

Contact Us