CVE-2024-32764

CRITICAL

myQNAPcloud Link <2.4.51 - Privilege Escalation

Title source: llm

Description

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-24-09

Scores

CVSS v3 9.9

EPSS 0.0019

EPSS Percentile 40.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-749 CWE-346 CWE-306

Status published

Products (1)

qnap/myqnapcloud_link 2.4.0 - 2.4.51

Published Apr 26, 2024

Tracked Since Feb 18, 2026