CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-21901 – myQNAPcloud
https://notcve.org/view.php?id=CVE-2024-21901
A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 ( 2023/11/24 ) and later QTS 4.5.4.2627 build 20231225 and later Se ha informado que una vulnerabilidad de inyección SQL afecta a myQNAPcloud. Si se explota, la vulnerabilidad podría permitir a los administradores autenticados inyectar código malicioso a través de una red. El fabricante ha solucionado la vulnerabilidad en las siguientes versiones: myQNAPcloud 1.0.52 (2023/11/24) y posteriores QTS 4.5.4.2627 compilación 20231225 y posteriores This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the authLogin endpoint. • https://www.qnap.com/en/security-advisory/qsa-24-09 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.0EPSS: 0%CPEs: 4EXPL: 0CVE-2021-28815 – Insecure Storage of Sensitive Information in myQNAPcloud Link
https://notcve.org/view.php?id=CVE-2021-28815
Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing the unrestricted storage mechanism. This issue affects: QNAP Systems Inc. myQNAPcloud Link versions prior to 2.2.21 on QTS 4.5.3; versions prior to 2.2.21 on QuTS hero h4.5.2; versions prior to 2.2.21 on QuTScloud c4.5.4. Se ha reportado de que el almacenamiento no seguro de información confidencial afecta a los NAS de QNAP que ejecutan myQNAPcloud Link. Si es explotado, esta vulnerabilidad permite a atacantes remotos leer información confidencial accediendo al mecanismo de almacenamiento sin restricciones. • https://www.qnap.com/zh-tw/security-advisory/qsa-21-26 • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 7.5EPSS: 27%CPEs: 1EXPL: 1CVE-2019-7181 – QNAP myQNAPcloud Connect 1.3.4.0317 - 'Username/Password' Denial of Service
https://notcve.org/view.php?id=CVE-2019-7181
Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program. Una vulnerabilidad de desbordamiento de búfer en myQNAPcloud Connect versión 1.3.3.0925 y anteriores, podría permitir que los atacantes remotos bloqueen el programa. QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability. • https://www.exploit-db.com/exploits/46733 http://packetstormsecurity.com/files/152570/QNAP-myQNAPcloud-Connect-1.3.4.0317-Username-Password-Denial-Of-Service.html https://www.qnap.com/zh-tw/security-advisory/nas-201905-09 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •