- Description
- An improper certificate validation vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: Helpdesk 3.3.3 and later
- Source
- security@qnapsecurity.com.tw
- NVD status
- Analyzed
- Products
- helpdesk
CVSS 4.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@qnapsecurity.com.tw
- CWE-295
- Hype score
- Not currently trending
QNAP Helpdeskアプリにおける外部からの攻撃が可能な脆弱性が修正された。CVE-2024-50394はCVSSスコア7.7で、証明書検証が不適切であることに起因してセキュリティ措置を迂回して不正アクセスが可能となるもの。NASに管理者でログインしてApp Centerから更新可能。 https://t.co/85B50ueLuH
@__kokumoto
9 Mar 2025
958 Impressions
2 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2024-50394: QNAP Helpdesk Vulnerability Could Allow Remote System Compromise https://t.co/0KEdYBCZww
@Dinosn
9 Mar 2025
2771 Impressions
1 Retweet
13 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-50394: QNAP Helpdesk Vulnerability Could Allow Remote System Compromise Learn about CVE-2024-50394, a vulnerability affecting QNAP Helpdesk. Update your system to prevent potential security breaches. https://t.co/YPkUwKq1rA
@the_yellow_fall
9 Mar 2025
505 Impressions
4 Retweets
7 Likes
2 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:qnap:helpdesk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B692159-24E4-421C-8C4C-928A2E584968",
"versionEndExcluding": "3.3.3",
"versionStartIncluding": "3.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]