CVE-2024-32764

Published: Apr 26, 2024Modified: Dec 10, 2025

9.9

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

Exploitability: 3.9 / Impact: 5.3

Source: security@qnapsecurity.com.tw (Secondary)

Description

A missing authentication for critical function vulnerability has been reported to affect myQNAPcloud Link. If exploited, the vulnerability could allow users with the privilege level of some functionality via a network. We have already fixed the vulnerability in the following version: myQNAPcloud Link 2.4.51 and later

Affected (1)

Products: Qnap: Myqnapcloud Link

1 product

Myqnapcloud Link

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qnap Myqnapcloud Link	From 2.4.0 to 2.4.51

Related CWEs

Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (2)

https://www.qnap.com/en/security-advisory/qsa-24-09

Source: security@qnapsecurity.com.tw

Vendor Advisory

https://www.qnap.com/en/security-advisory/qsa-24-09

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.