CVE-2024-48860: QHora
First published: Fri Nov 22 2024(Updated: )
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2.4.3.103 | ||
Remedy
We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-48860?
CVE-2024-48860 is classified as a critical vulnerability due to its potential for remote command execution.
What products are affected by CVE-2024-48860?
CVE-2024-48860 affects QuRouter versions prior to 2.4.3.103 and all versions of QHora products.
How do I fix CVE-2024-48860?
To fix CVE-2024-48860, upgrade QuRouter to version 2.4.3.103 or later.
Can CVE-2024-48860 be exploited remotely?
Yes, CVE-2024-48860 can be exploited remotely, allowing attackers to execute arbitrary commands.
Is there a patch available for CVE-2024-48860?
Yes, a patch is available by upgrading to QuRouter version 2.4.3.103 or later.
- agent/remedy
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-38644
- alias/CVE-2024-38646
- alias/CVE-2024-48860
- alias/CVE-2024-48861
- agent/references
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup