Vulnerability Details CVE-2024-50404
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.
We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
Exploit prediction scoring system (EPSS) score
EPSS Score 0.418
EPSS Ranking 97.3%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-50404
-
cpe:2.3:a:qnap:qsync_central:4.4.0.10
-
cpe:2.3:a:qnap:qsync_central:4.4.0.12
-
cpe:2.3:a:qnap:qsync_central:4.4.0.13
-
cpe:2.3:a:qnap:qsync_central:4.4.0.14
-
cpe:2.3:a:qnap:qsync_central:4.4.0.15
-
cpe:2.3:a:qnap:qsync_central:4.4.0.2
-
cpe:2.3:a:qnap:qsync_central:4.4.0.3
-
cpe:2.3:a:qnap:qsync_central:4.4.0.4
-
cpe:2.3:a:qnap:qsync_central:4.4.0.5
-
cpe:2.3:a:qnap:qsync_central:4.4.0.6
-
cpe:2.3:a:qnap:qsync_central:4.4.0.7
-
cpe:2.3:a:qnap:qsync_central:4.4.0.8
-
cpe:2.3:a:qnap:qsync_central:4.4.0.9