CVE-2024-50390
QHora
In short
QHora has a flaw that allows attackers to run unauthorized commands on the system by sending specially crafted input. This is a serious security issue because it gives attackers complete control over the affected device.
Technical detail
A command injection vulnerability (CWE-78) in QHora allows remote attackers to execute arbitrary OS commands through unsanitized user input passed to system execution functions. The vulnerability requires network access but no authentication; successful exploitation grants full system-level command execution. Fixed in QuRouter 2.4.5.032 and later.
Summary generated and translated by AI from the official description.
A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
QuRouter 2.4.5.032 and later
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
QNAP Systems Inc. · QuRouterWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →