CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2024-50388 – HBS 3 Hybrid Backup Sync
https://notcve.org/view.php?id=CVE-2024-50388
06 Dec 2024 — An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the... • https://www.qnap.com/en/security-advisory/qsa-24-41 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •