CVE-2024-48868

Published Dec 6, 2024

Last updated 3 months ago

CVSS high 8.7

Overview

Description
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later
Source
security@qnapsecurity.com.tw
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.7
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

Weaknesses

security@qnapsecurity.com.tw
CWE-93

Social media

Hype score
Not currently trending

  1. CVE-2024-50393,CVE-2024-48868 alert 🚨 QNAP QTS Command Injection and CRLF Injection The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec https://t.co/gW5difM0aS

    @Patrowl_io

    11 Dec 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Múltiples vulnerabilidades en QNAP Vulnerabilidades en QTS y QuTS hero CVE-2024-48859 CVE-2024-48865 CVE-2024-48866 CVE-2024-48867 CVE-2024-48868 CVE-2024-50393 CVE-2024-50402 CVE-2024-50403 https://t.co/38RnaCrgDE https://t.co/J88Z1u0Vhc

    @elhackernet

    9 Dec 2024

    5455 Impressions

    24 Retweets

    66 Likes

    13 Bookmarks

    1 Reply

    5 Quotes

  3. [CVE-2024-48868: HIGH] Warning: Vulnerability in QNAP OS versions could let attackers alter data. Fixed in QTS 5.1.9.2954, 5.2.2.2950, QuTS hero 5.1.9.2954, & 5.2.2.2952 versions & later builds.#cybersecurity,#vulnerability https://t.co/9149qOWqWy https://t.co/ld16a5FZSd

    @CveFindCom

    6 Dec 2024

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2024-48868 An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vu… https://t.co/GD513FQVpm

    @CVEnew

    6 Dec 2024

    218 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References