CVE-2024-48860

Published Nov 22, 2024

Last updated 5 days ago

CVSS critical 9.5

Overview

Description
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later
Source
security@qnapsecurity.com.tw
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.5
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security@qnapsecurity.com.tw
CWE-77

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🚨Alert🚨CVE-2024-48860 (CVSS 9.5): Critical Flaw in QNAP QuRouter, Immediate Update Recommended 📊 2.5K+ Services are found on https://t.co/ysWb28BTvF yearly. 🔗Hunter Link: https://t.co/yUpYzVxVKC 👇Query HUNTER:/product.name="QuRouter" 📰Refer: https://t.co/5vXH29OGuT #QNAP…

    @HunterMapping

    26 Nov 2024

    2086 Impressions

    10 Retweets

    36 Likes

    11 Bookmarks

    0 Replies

    0 Quotes

  2. QNAP社QuRouterに重大(Critical)な脆弱性。CVE-2024-48860はCVSSスコア9.5で、コマンドインジェクションの脆弱性。リモートの未認証攻撃者による任意コマンドの実行が可能。修正版が出ている。 https://t.co/94qBkqW4Km

    @__kokumoto

    25 Nov 2024

    1195 Impressions

    6 Retweets

    16 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-48860 (CVSS 9.5): Critical Flaw in QNAP QuRouter, Immediate Update Recommended https://t.co/xpM9ZOT2O5

    @Dinosn

    25 Nov 2024

    2318 Impressions

    4 Retweets

    17 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  4. 🗣 CVE-2024-48860 (CVSS 9.5): Critical Flaw in QNAP QuRouter, Immediate Update Recommended https://t.co/fmZ3wNj0gh

    @fridaysecurity

    25 Nov 2024

    79 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Critical Vulnerabilities in QNAP QuRouter: Immediate Update Recommended Urgent security advisory: Update your #QNAP #QuRouter network appliance now to address critical CVE-2024-48860 (CVSS 9.5) & CVE-2024-48861 vulnerabilities https://t.co/ua7CiE1Qho

    @the_yellow_fall

    25 Nov 2024

    582 Impressions

    6 Retweets

    13 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. [CVE-2024-48860: CRITICAL] OS command injection vulnerability affects product versions. Vulnerability fixed in QuRouter 2.4.3.103 and later. Remote attackers could execute commands.#cybersecurity,#vulnerability https://t.co/RaR0NiorfU https://t.co/2oFXPkIWmH

    @CveFindCom

    22 Nov 2024

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References