Skip to main content

Qsync Central CVE-2024-50404

MEDIUM
Improper Link Resolution Before File Access (CWE-59)
2024-12-06 security@qnapsecurity.com.tw
6.8
CVSS 4.0 · Vendor: qnapsecurity
Share

Severity by source

Vendor (qnapsecurity) PRIMARY
6.8 MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from Vendor (qnapsecurity) · only source for this CVE.

CVSS VectorVendor: qnapsecurity

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
A
Scope
X

Lifecycle Timeline

1
CVE Published
Dec 06, 2024 - 17:15 cve.org
MEDIUM 6.8

DescriptionCVE.org

A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations.

We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later

AnalysisAI

A link following vulnerability has been reported to affect Qsync Central. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-59. A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later Affected products include: Qnap Qsync Central.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-44014 HIGH
8.8 Oct 03

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun

CVE-2025-30276 HIGH
8.8 Feb 11

An out-of-bounds write vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user accoun

CVE-2025-54153 HIGH
8.8 Oct 03

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the

CVE-2025-53595 HIGH
8.8 Oct 03

An SQL injection vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, the

CVE-2025-29892 HIGH
8.8 Jun 06

SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or com

CVE-2025-52869 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-52868 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-48724 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-48723 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

CVE-2025-22482 HIGH
8.1 Jun 06

Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or m

CVE-2025-30269 HIGH
8.1 Feb 11

A use of externally-controlled format string vulnerability has been reported to affect Qsync Central. If a remote attack

CVE-2025-57709 HIGH
8.1 Feb 11

A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, th

Share

CVE-2024-50404 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy