

Multiple GitLab Products Vulnerabilities
March 11, 2025
EncryptHub: A Multi-Stage Malware Breach Impacting 600 Organizations – Active IOCs
March 11, 2025
Severity
Medium
Analysis Summary
CVE-2024-53693 CVSS:7.1
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.
CVE-2024-53692 CVSS:5.1
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
CVE-2024-50405 CVSS:5.5
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.
CVE-2024-50394 CVSS:7.7
An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
CVE-2024-50390 CVSS:7.7
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
CVE-2024-48864 CVSS:5.3
A files or directories accessible to external parties vulnerability has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories.
CVE-2024-38638 CVSS:2.1
An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.
CVE-2024-13086 CVSS:5.3
An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2024-53693
CVE-2024-53692
CVE-2024-50405
CVE-2024-50394
CVE-2024-50390
CVE-2024-48864
CVE-2024-38638
CVE-2024-13086
Affected Vendors
Affected Products
- QNAP QuRouter 2.4.x
- QNAP QTS 5.2.x
- QNAP QuTS hero h5.2.x
- QNAP Helpdesk 3.3.x
- QNAP File Station 5 version 5.5.x
- QNAP QTS 5.1.x
- QNAP QuTS hero h5.1.x
- QNAP QTS 5.x
- QNAP QuTS hero h5.x
Remediation
Refer to QNAP Security Advisory for patch, upgrade, or suggested workaround information.