CVE-2024-50394

Published Mar 7, 2025

Last updated 3 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-50394 is an improper certificate validation vulnerability that affects QNAP's Helpdesk application. Successful exploitation could allow remote attackers to compromise the security of the system. QNAP has addressed this vulnerability in Helpdesk version 3.3.3 and later. Versions of the Helpdesk app prior to 3.3.3 are vulnerable. Users are strongly encouraged to update their Helpdesk application to the latest version to mitigate the risk associated with this vulnerability.

Description: An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later
Source: security@qnapsecurity.com.tw
NVD status: Received

Risk scores

CVSS 4.0

Type: Secondary
Base score: 7.7
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: HIGH

Weaknesses

security@qnapsecurity.com.tw: CWE-295

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 2

Overview

AI description

Risk scores

CVSS 4.0

Weaknesses

Social media

References