← Volver a CVEs
CVE-2024-38646
MEDIUM6.0
Descripcion
An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later
Detalles CVE
Puntuacion CVSS v3.16.0
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosHIGH
Interaccion usuarioNONE
Publicado11/22/2024
Ultima modificacion9/20/2025
Fuentenvd
Avistamientos honeypot0
Productos afectados
qnap:notes_station_3
Debilidades (CWE)
CWE-732
Referencias
https://www.qnap.com/en/security-advisory/qsa-24-36(security@qnapsecurity.com.tw)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.