- Description
- An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later
- Source
- security@qnapsecurity.com.tw
- NVD status
- Analyzed
- Products
- notes_station_3
CVSS 4.0
- Type
- Secondary
- Base score
- 8.4
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 6
- Impact score
- 5.2
- Exploitability score
- 0.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
- Severity
- MEDIUM
- security@qnapsecurity.com.tw
- CWE-732
- Hype score
- Not currently trending
CVE-2024-38646 QNAP addresses critical flaws across NAS, router software By Bill Toulas November 2... https://t.co/NO7sZwfQP5
@VulmonFeeds
27 Nov 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2024-38646: HIGH] Critical cyber security vulnerability reported in Notes Station 3 due to incorrect permission assignment. Update to version 3.9.7 or later to secure against potential attacks.#cybersecurity,#vulnerability https://t.co/a3OxwuBiuv https://t.co/dJ9XsdRuaB
@CveFindCom
22 Nov 2024
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:notes_station_3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77A152B5-C799-4955-8B0D-1D95B5644A07",
"versionEndExcluding": "3.9.7",
"versionStartIncluding": "3.9.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]