CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-32764

CVSS 9.9v3.1pub. 2024-04-26upd. 2025-12-10

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later

🤖 AI Analysis
How it works

The vulnerability results from the lack of a required authentication mechanism when accessing specific critical functions of the myQNAPcloud Link application. An attacker can, without possessing any credentials, invoke these functions over the network. The associated CWE vectors also indicate issues with request source verification (CWE-346) and exposure of functions that should be inaccessible from the outside (CWE-749). The broad scope of impact (Scope: Changed) suggests that exploitation may affect resources beyond the application itself.

Impact

An attacker can gain unauthorized access to protected application functions, which may lead to data modification or deletion (high integrity impact), as well as partial information disclosure (low confidentiality impact) and service availability degradation.

Mitigation & patch

Update myQNAPcloud Link to version 2.4.51 or later. A patch is available from the vendor — details in QNAP security bulletin QSA-24-09 at https://www.qnap.com/en/security-advisory/qsa-24-09

Who is affected

QNAP myQNAPcloud Link — all versions prior to 2.4.51

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L
  • Qnap Myqnapcloud Link

    APP
    Qnap
    2.4.0 – 2.4.51 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-28815MEDIUM6.0ten sam produkt

Insecure storage of sensitive information has been reported to affect QNAP NAS running myQNAPcloud Link. If ex...

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam vendor

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...

CVE-2020-2509CRITICAL9.8⚠ KEVten sam vendor

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerabil...

CVE-2018-19949CRITICAL9.8⚠ KEVten sam vendor

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNA...