9.9
CVE-2024-32764
- EPSS 0.08%
- Veröffentlicht 26.04.2024 15:15:48
- Zuletzt bearbeitet 21.11.2024 09:15:40
- Quelle security@qnapsecurity.com.tw
- Teams Watchlist Login
- Unerledigt Login
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerqnap
≫
Produkt
myqnapcloud_link
Default Statusunknown
Version <
2.4.51
Version
2.4
Status
affected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.08% | 0.247 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@qnapsecurity.com.tw | 9.9 | 3.9 | 5.3 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
CWE-346 Origin Validation Error
The product does not properly verify that the source of data or communication is valid.
CWE-749 Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.