CVE-2024-50388
moderate-risk
Published 2024-12-06
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later
Do I need to act?
~
6.0% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Affected Vendors
References (1)
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-24-41
46
/ 100
moderate-risk
Severity
32/34 · Critical
Exploitability
9/34 · Low
Exposure
5/34 · Minimal