Today > | 2 Medium vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-50404

Dec. 6, 2024, 5:15 p.m.

Tags

CWE-59
security@qnapsecurity.com.tw
2024-12-06
CVE-2024-50404

Product(s) Impacted

Qsync Central

  • 4.4.0.16_20240819
  • after 4.4.0.16_20240819

Description

A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later

Weaknesses

CWE-59
Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

CWE ID: 59

Date

Published: Dec. 6, 2024, 5:15 p.m.

Last Modified: Dec. 6, 2024, 5:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security@qnapsecurity.com.tw

References

https://www.qnap.com/ security@qnapsecurity.com.tw