How severe is CVE-2024-50402?

This vulnerability has a severity rating of LOW with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2024-50402?

This is classified as CWE-134, which is a common weakness in software security.

CVE-2024-50402 - LOW Severity | CVSS N/A

Vulnerability Description

A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later

Related Vulnerabilities

CVE-2010-3438

CRITICAL

CVSS:9.8(Critical)

libpoe-component-irc-perl before v6.32 does not remove carriage returns and line feeds. This can be used to execute arbitrary IRC commands by passing an argument such as "some text\rQUIT" to the 'priv...

CWE-1342010

CVE-2012-0824

CRITICAL

CVSS:9.8(Critical)

gnusound 0.7.5 has format string issue

CWE-1342012

CVE-2015-7271

CRITICAL

CVSS:9.8(Critical)

Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo.

CWE-1342015

CVE-2015-8617

CRITICAL

CVSS:9.8(Critical)

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a s...

CWE-1342015

CVE-2016-4448

CRITICAL

CVSS:9.8(Critical)

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.

CWE-1342016

CVE-2016-5074

CRITICAL

CVSS:9.8(Critical)

CloudView NMS before 2.10a has a format string issue exploitable over SNMP.

CWE-1342016