PT-2024-9843 · Qnap · Qnap Smb Service

Yingmuo · Published 2024-10-30 · Updated 2025-12-08 · CVE-2024-50387

CVSS v4.0: 10 (Critical)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Name of the Vulnerable Software and Affected Versions: QNAP SMB Service versions prior to 4.15.002; QNAP SMB Service h versions prior to h4.15.002
Description: A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. The vulnerability is related to the lack of protection of the SQL query structure. It has been exploited in recent hacking contests, showcasing high-risk attack vectors, and may allow unauthorized access to QNAP NAS devices and sensitive data.
Recommendations: For QNAP SMB Service versions prior to 4.15.002, update to version 4.15.002 or later. For QNAP SMB Service h versions prior to h4.15.002, update to version h4.15.002 or later. As a temporary workaround, consider restricting access to the SMB Service until a patch is applied.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2024-11621
CVE-2024-50387
ZDI-25-759

Affected Products

Qnap Smb Service