CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-48861

An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.012

EPSS Ranking 78.4%

CVSS Severity

CVSS v3 Score 7.8

References

https://www.qnap.com/en/security-advisory/qsa-24-44

Products affected by CVE-2024-48861

Qnap » Qurouter » Version: 2.4.0.190

cpe:2.3:o:qnap:qurouter:2.4.0.190
Qnap » Qurouter » Version: 2.4.1.172

cpe:2.3:o:qnap:qurouter:2.4.1.172
Qnap » Qurouter » Version: 2.4.1.634

cpe:2.3:o:qnap:qurouter:2.4.1.634
Qnap » Qurouter » Version: 2.4.2.317

cpe:2.3:o:qnap:qurouter:2.4.2.317
Qnap » Qurouter » Version: 2.4.2.538

cpe:2.3:o:qnap:qurouter:2.4.2.538
Qnap » Qurouter » Version: 2.4.3.103

cpe:2.3:o:qnap:qurouter:2.4.3.103

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-48861

Products

Pricing

Contact Us