CVE-2024-21901

CVSS 3.1 Score 4.7 of 10 (medium)

Details

Published Mar 8, 2024

Updated: Mar 13, 2024

CWE ID 89

Summary

CVE-2024-21901 is a SQL injection vulnerability that has been identified in myQNAPcloud. This issue allows authenticated administrators to inject malicious code into the system via a network. Successful exploitation could result in unintended database queries or even data theft. The vulnerability has been addressed in myQNAPcloud version 1.0.52 and later, as well as QTS 4.5.4.2627 build 20231225 and later. System administrators are encouraged to ensure they have installed the latest updates to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

QNAP QTS

Affected Vendors

QNAP Systems

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uAYVs2
https://www.cve.org/CVERecord?id=CVE-2024-21901
https://nvd.nist.gov/vuln/detail/CVE-2024-21901

Back to Vulnerability Database