{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T19:07:35.809","vulnerabilities":[{"cve":{"id":"CVE-2024-50387","sourceIdentifier":"security@qnapsecurity.com.tw","published":"2024-12-06T17:15:09.247","lastModified":"2025-12-08T18:16:51.677","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code.\n\nWe have already fixed the vulnerability in the following version:\nSMB Service 4.15.002 and later\nSMB Service h4.15.002 and later"},{"lang":"es","value":"Se ha informado de una vulnerabilidad de inyección SQL que afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a atacantes remotos inyectar código malicioso. Ya hemos corregido la vulnerabilidad en la siguiente versión: Servicio SMB 4.15.002 y posteriores Servicio SMB h4.15.002 y posteriores"}],"metrics":{"cvssMetricV40":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"HIGH","vulnIntegrityImpact":"HIGH","vulnAvailabilityImpact":"HIGH","subConfidentialityImpact":"HIGH","subIntegrityImpact":"HIGH","subAvailabilityImpact":"HIGH","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security@qnapsecurity.com.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:smb_service:4.15.001:*:*:*:*:*:*:*","matchCriteriaId":"C22CD5A0-3B6C-4E70-9FF4-936EE43B958C"},{"vulnerable":true,"criteria":"cpe:2.3:a:qnap:smb_service:h4.15.001:*:*:*:*:*:*:*","matchCriteriaId":"63823D59-6842-4F6E-8FD0-2E00936D3F77"}]}]}],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-24-42","source":"security@qnapsecurity.com.tw","tags":["Vendor Advisory"]}]}}]}