Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-50387

A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later

Published

2024-12-06T17:15:09.247

Last Modified

2025-12-08T18:16:51.677

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

Weaknesses

Type: Secondary
CWE-89

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qnap	smb_service	4.15.001	Yes
Application	qnap	smb_service	h4.15.001	Yes

References

https://www.qnap.com/en/security-advisory/qsa-24-42 Vendor Advisory ([email protected])