CVE-2024-50395
Nov. 22, 2024, 4:15 p.m.
Tags
Product(s) Impacted
Media Streaming add-on
- 500.1.1.6 and later
Description
An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
Weaknesses
CWE-639
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE ID: 639Date
Published: Nov. 22, 2024, 4:15 p.m.
Last Modified: Nov. 22, 2024, 4:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
security@qnapsecurity.com.tw
References
https://www.qnap.com/
security@qnapsecurity.com.tw