Myqnapcloud Link
CVE-2024-32764
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Primary rating from Vendor (qnapsecurity) · only source for this CVE.
CVSS VectorVendor: qnapsecurity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
Lifecycle Timeline
1DescriptionCVE.org
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network.
We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later
AnalysisAI
A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later Affected products include: Qnap Myqnapcloud Link.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
More in Myqnapcloud Link
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today