- Description
- An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later
- Source
- security@qnapsecurity.com.tw
- NVD status
- Analyzed
- Products
- notes_station_3
CVSS 4.0
- Type
- Secondary
- Base score
- 8.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@qnapsecurity.com.tw
- CWE-77
- Hype score
- Not currently trending
[CVE-2024-38644: HIGH] Critical OS command injection vulnerability in Notes Station 3 addressed in version 3.9.7. Update to prevent remote attacks executing commands.#cybersecurity,#vulnerability https://t.co/Jduqth7OpD https://t.co/YtoinOu55J
@CveFindCom
22 Nov 2024
26 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-38644 An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execu… https://t.co/p0tiL1xmtl
@CVEnew
22 Nov 2024
279 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:notes_station_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A152B5-C799-4955-8B0D-1D95B5644A07",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]