Media Streaming Add On
CVE-2024-50395
MEDIUM
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (qnapsecurity) · only source for this CVE.
CVSS VectorVendor: qnapsecurity
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege.
We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later
AnalysisAI
An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-639. An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later Affected products include: Qnap Media Streaming Add-On.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Media Streaming Add On
View allAn OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical
A command injection vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local network
A command injection vulnerability has been reported to affect QNAP device running Media Streaming add-on. Rated high sev
An out-of-bounds read vulnerability has been reported to affect Media Streaming add-on. If an attacker gains local netwo
A stack-based buffer overflow vulnerability exists in QNAP Media Streaming Add-On that allows remote attackers to corrup
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today