CVE-2024-50404

HIGH

Qnap Qsync Central < 4.4.0.16 - Symlink Following

Title source: rule

Description

A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later

Exploits (1)

nomisec WORKING POC 1 stars

by C411e · poc

https://github.com/C411e/CVE-2024-50404

View Code ZIP pw:eip

References (1)

[Vendor Advisory] https://www.qnap.com/en/security-advisory/qsa-24-48

Scores

CVSS v3 8.8

EPSS 0.4429

EPSS Percentile 97.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-59

Status published

Products (1)

qnap/qsync_central 4.4.0 - 4.4.0.16

Published Dec 06, 2024

Tracked Since Feb 18, 2026