Multiple QNAP Products Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-53693 CVSS:7.1

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to modify application data.

CVE-2024-53692 CVSS:5.1

A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.

CVE-2024-50405 CVSS:5.5

An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify application data.

CVE-2024-50394 CVSS:7.7

An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.

CVE-2024-50390 CVSS:7.7

A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.

CVE-2024-48864 CVSS:5.3

A vulnerability that makes files or directories accessible to external parties has been reported to affect File Station 5. If exploited, the vulnerability could allow remote attackers to read/write files or directories.

CVE-2024-38638 CVSS:2.1

An out-of-bounds write vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to modify or corrupt memory.

CVE-2024-13086 CVSS:5.3

An exposure of sensitive information vulnerability has been reported to affect product. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.

Impact

  • Gain Access

Indicators of Compromise

CVE

  • CVE-2024-53693
  • CVE-2024-53692
  • CVE-2024-50405
  • CVE-2024-50394
  • CVE-2024-50390
  • CVE-2024-48864
  • CVE-2024-38638
  • CVE-2024-13086

Affected Vendors

QNAP

Affected Products

  • QNAP QuRouter 2.4.x
  • QNAP QTS 5.2.x
  • QNAP QuTS hero h5.2.x
  • QNAP Helpdesk 3.3.x
  • QNAP File Station 5 version 5.5.x
  • QNAP QTS 5.1.x
  • QNAP QuTS hero h5.1.x
  • QNAP QTS 5.x
  • QNAP QuTS hero h5.x

Remediation

Refer to the QNAP Security Advisory for patch, upgrade, or suggested workaround information.