We have already fixed the vulnerability in the following version:
Notes Station 3 3.9.7 and later
Metrics
Affected Vendors & Products
Solution
We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-36 |
![]() ![]() |
Mon, 22 Sep 2025 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:qnap:notes_station_3:*:*:*:*:*:*:*:* | |
Metrics |
cvssV3_1
|
Fri, 22 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap notes Station 3 |
|
CPEs | cpe:2.3:a:qnap:notes_station_3:-:*:*:*:*:*:*:* | |
Vendors & Products |
Qnap
Qnap notes Station 3 |
|
Metrics |
ssvc
|
Fri, 22 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | |
Title | Notes Station 3 | |
Weaknesses | CWE-77 CWE-78 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2024-11-22T16:50:56.156Z
Reserved: 2024-06-19T00:17:01.279Z
Link: CVE-2024-38644

Updated: 2024-11-22T16:50:39.161Z

Status : Analyzed
Published: 2024-11-22T16:15:25.000
Modified: 2025-09-20T03:31:49.650
Link: CVE-2024-38644

No data.

No data.