CVE-2024-50389

Published Dec 6, 2024

Last updated 3 months ago

CVSS critical 9.5

Overview

Description
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later
Source
security@qnapsecurity.com.tw
NVD status
Received

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.5
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

Weaknesses

security@qnapsecurity.com.tw
CWE-89

Social media

Hype score
Not currently trending

  1. [CVE-2024-50389: CRITICAL] SQL injection vulnerability in QuRouter has been patched in version 2.4.5.032. Update now to prevent remote attacks injecting malicious code. #cybersecurity#cybersecurity,#vulnerability https://t.co/2V351px0cT https://t.co/cXXN5dEQkV

    @CveFindCom

    6 Dec 2024

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-50389 A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have al… https://t.co/kQBu18StWf

    @CVEnew

    6 Dec 2024

    248 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. Actively exploited CVE : CVE-2024-50389

    @transilienceai

    20 Nov 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  4. Actively exploited CVE : CVE-2024-50389

    @transilienceai

    19 Nov 2024

    8 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  5. Actively exploited CVE : CVE-2024-50389

    @transilienceai

    18 Nov 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  6. Actively exploited CVE : CVE-2024-50389

    @transilienceai

    17 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  7. ⚠Vulnerabilidad en QNAP ❗CVE-2024-50389 ℹ Productos afectados: QuRouter 2.4.x (versiones anteriores a la 2.4.5.032) ➡Más info: https://t.co/VMjii5lGrT https://t.co/Osb9IWwkH7

    @CERTpy

    8 Nov 2024

    85 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Actively exploited CVE : CVE-2024-50389

    @transilienceai

    6 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. 🚨CVE Alert: Critical QNAP QuRouter Zero-day Vulnerability🚨 Vulnerability Details: CVE-2024-50389 (Critical) QNAP QuRouter Zero-day Vulnerability Impact A successful exploit allow an unauthorized access to affected devices. Affected Products QuRouter 2.4.x Fixed Version… htt

    @CyberxtronTech

    5 Nov 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. QNAP Patches Zero-Day Flaw in QuRouter Following Pwn2Own Ireland 2024 Exploits Learn about the latest zero-day vulnerability, CVE-2024-50389, in #QNAP's #QuRouter network security appliance and how it was exploited during the #Pwn2Own hacking contest https://t.co/qMghT9aFRH

    @the_yellow_fall

    4 Nov 2024

    89 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References