CVE-2024-48861: QHora
First published: Fri Nov 22 2024(Updated: )
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later
Credit: security@qnapsecurity.com.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2.4.4.106 |
Remedy
We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-48861?
CVE-2024-48861 is considered a critical OS command injection vulnerability.
How do I fix CVE-2024-48861?
To fix CVE-2024-48861, update to QuRouter version 2.4.4.106 or later.
Who is affected by CVE-2024-48861?
CVE-2024-48861 affects QuRouter versions prior to 2.4.4.106.
What could happen if CVE-2024-48861 is exploited?
Exploitation of CVE-2024-48861 could allow local network attackers to execute arbitrary commands.
Is there a workaround for CVE-2024-48861?
There are no specific workarounds for CVE-2024-48861; upgrading to a secure version is recommended.
- agent/remedy
- agent/title
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- collector/bleeping-computer
- source/BleepingComputer
- alias/CVE-2024-38644
- alias/CVE-2024-38646
- alias/CVE-2024-48860
- alias/CVE-2024-48861
- agent/references
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup