C411e

3 exploits Active since Feb 2024
CVE-2024-53691 NOMISEC HIGH WORKING POC
QNAP QTS and QuTS hero - Link Following via File System Traversal
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later
14 stars
CVSS 8.8
CVE-2024-50404 NOMISEC HIGH WORKING POC
Qsync Central 4.4.0-4.4.0.15 - Authenticated Path Traversal via Symbolic Link
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later
1 stars
CVSS 8.8
CVE-2023-47564 NOMISEC HIGH WRITEUP
Qsync Central 4.3.0.0-4.3.0.10 - Authenticated Incorrect Permission Assignment for Critical Resource
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later
CVSS 8.0