cvelist/2024/53xxx/CVE-2024-53700.json

{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-53700",
        "ASSIGNER": "security@qnap.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-77",
                        "cweId": "CWE-77"
                    },
                    {
                        "lang": "eng",
                        "value": "CWE-78",
                        "cweId": "CWE-78"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "QNAP Systems Inc.",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "QuRouter",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "2.4.x",
                                            "version_value": "2.4.6.028"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://www.qnap.com/en/security-advisory/qsa-25-07",
                "refsource": "MISC",
                "name": "https://www.qnap.com/en/security-advisory/qsa-25-07"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-dev"
    },
    "source": {
        "advisory": "QSA-25-07",
        "discovery": "EXTERNAL"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "We have already fixed the vulnerability in the following version:<br>QuRouter 2.4.6.028 and later<br>"
                }
            ],
            "value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"
        }
    ],
    "credits": [
        {
            "lang": "en",
            "value": "Freddo Espresso (Evangelos Daravigkas)"
        }
    ]
}
"-Synchronized-Data." 2024-11-22 07:00:35 +00:00			`{`
"-Synchronized-Data." 2025-03-07 17:00:35 +00:00			`"data_version": "4.0",`
"-Synchronized-Data." 2024-11-22 07:00:35 +00:00			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"CVE_data_meta": {`
			`"ID": "CVE-2024-53700",`
"-Synchronized-Data." 2025-03-07 17:00:35 +00:00			`"ASSIGNER": "security@qnap.com",`
			`"STATE": "PUBLIC"`
"-Synchronized-Data." 2024-11-22 07:00:35 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2025-03-07 17:00:35 +00:00			`"value": "A command injection vulnerability has been reported to affect QHora. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.\n\nWe have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"`
			`}`
			`]`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-77",`
			`"cweId": "CWE-77"`
			`},`
			`{`
			`"lang": "eng",`
			`"value": "CWE-78",`
			`"cweId": "CWE-78"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"vendor_name": "QNAP Systems Inc.",`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "QuRouter",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": "<",`
			`"version_name": "2.4.x",`
			`"version_value": "2.4.6.028"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`}`
			`]`
			`}`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"url": "https://www.qnap.com/en/security-advisory/qsa-25-07",`
			`"refsource": "MISC",`
			`"name": "https://www.qnap.com/en/security-advisory/qsa-25-07"`
"-Synchronized-Data." 2024-11-22 07:00:35 +00:00			`}`
			`]`
"-Synchronized-Data." 2025-03-07 17:00:35 +00:00			`},`
			`"generator": {`
			`"engine": "Vulnogram 0.1.0-dev"`
			`},`
			`"source": {`
			`"advisory": "QSA-25-07",`
			`"discovery": "EXTERNAL"`
			`},`
			`"solution": [`
			`{`
			`"lang": "en",`
			`"supportingMedia": [`
			`{`
			`"base64": false,`
			`"type": "text/html",`
			`"value": "We have already fixed the vulnerability in the following version:<br>QuRouter 2.4.6.028 and later<br>"`
			`}`
			`],`
			`"value": "We have already fixed the vulnerability in the following version:\nQuRouter 2.4.6.028 and later"`
			`}`
			`],`
			`"credits": [`
			`{`
			`"lang": "en",`
			`"value": "Freddo Espresso (Evangelos Daravigkas)"`
			`}`
			`]`
"-Synchronized-Data." 2024-11-22 07:00:35 +00:00			`}`