What is the severity of CVE-2024-53694?

CVE-2024-53694 has been classified as a moderate severity vulnerability due to the potential unauthorized access it allows local attackers.

How do I fix CVE-2024-53694?

To fix CVE-2024-53694, upgrade the affected software to the latest version as recommended in the security advisory.

Which products are affected by CVE-2024-53694?

CVE-2024-53694 affects QNAP QVPN Device Client versions prior to 2.2.5, Qsync versions prior to 5.1.3, and Qfinder Pro versions prior to 7.11.1.

What type of vulnerability is CVE-2024-53694?

CVE-2024-53694 is a time-of-check time-of-use (TOCTOU) race condition vulnerability.

Can attackers exploit CVE-2024-53694 remotely?

No, CVE-2024-53694 can only be exploited by local attackers who already have user access.

Vulnerability/
CVE-2024-53694

high

8.6

CWE

367 362

7/3/2025

CVE-2024-53694: QVPN Device Client, Qsync, Qfinder Pro

First published: Fri Mar 07 2025(Updated: )

A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QVPN Device Client	<2.2.5
QNAP Qsync	<5.1.3
QNAP Qfinder Pro	<7.11.1

Remedy

We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later

Never miss a vulnerability like this again

Reference Links

https://www.qnap.com/en/security-advisory/qsa-24-51

Frequently Asked Questions

What is the severity of CVE-2024-53694?
CVE-2024-53694 has been classified as a moderate severity vulnerability due to the potential unauthorized access it allows local attackers.
How do I fix CVE-2024-53694?
To fix CVE-2024-53694, upgrade the affected software to the latest version as recommended in the security advisory.
Which products are affected by CVE-2024-53694?
CVE-2024-53694 affects QNAP QVPN Device Client versions prior to 2.2.5, Qsync versions prior to 5.1.3, and Qfinder Pro versions prior to 7.11.1.
What type of vulnerability is CVE-2024-53694?
CVE-2024-53694 is a time-of-check time-of-use (TOCTOU) race condition vulnerability.
Can attackers exploit CVE-2024-53694 remotely?
No, CVE-2024-53694 can only be exploited by local attackers who already have user access.

collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/remedy
agent/title
agent/type
agent/description
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/nvd-api
source/NVD
agent/author
agent/last-modified-date
agent/severity
agent/source
agent/tags
agent/event
vendor/qnap
canonical/qnap qvpn device client
canonical/qnap qsync
canonical/qnap qfinder pro

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.