HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-38647

CVSS 7.9v4.0pub. 2024-11-22upd. 2025-12-08

An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Qnap Ai Core

    APP
    Qnap
    3.4.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2022-27593CRITICAL10.0⚠ KEVten sam vendor

An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Ph...

CVE-2021-28799CRITICAL10.0⚠ KEVten sam vendor

An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync...

CVE-2020-2509CRITICAL9.8⚠ KEVten sam vendor

A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerabil...

CVE-2018-19949CRITICAL9.8⚠ KEVten sam vendor

If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNA...

CVE-2019-7193CRITICAL9.8⚠ KEVten sam vendor

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. T...