Skip to main content

An OS command injection vulnerability that could lead to arbitrary code execution has been patched

Threat ID:CC-4569
Threat Severity:Medium
Published:1 November 2024 11:02 AM

Summary

An OS command injection vulnerability that could lead to arbitrary code execution has been patched

Affected platforms

The following platforms are known to be affected:

Versions: all prior to 25.1.1.673
QNAP Hybrid Backup Sync

Threat details

Introduction

QNAP has released a security update that addresses an OS command injection vulnerability affecting HBS 3 Hybrid Backup Sync. HBS 3 Hybrid Backup Sync is a backup and disaster recovery solution for local, remote server, and cloud storage services. If exploited, CVE-2024-50388 could allow a remote attacker to execute arbitrary commands.

Remediation advice

Affected organisations are encouraged to review QNAP security advisory QSA-24-41 and apply the relevant updates.   

Definitive source of threat updates

CVE Vulnerabilities

StatusReserved
CVE-2024-50388

Last edited: 1 November 2024 11:02 am

Back to top