We have already fixed the vulnerability in the following versions:
QuRouter 2.4.4.106 and later
Metrics
Affected Vendors & Products
Solution
We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-44 |
![]() ![]() |
Wed, 24 Sep 2025 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:o:qnap:qurouter:2.4.0.190:build_20240522:*:*:*:*:*:* cpe:2.3:o:qnap:qurouter:2.4.1.172:build_20240606:*:*:*:*:*:* cpe:2.3:o:qnap:qurouter:2.4.1.634:build_20240710:*:*:*:*:*:* cpe:2.3:o:qnap:qurouter:2.4.2.317:build_20240903:*:*:*:*:*:* cpe:2.3:o:qnap:qurouter:2.4.2.538:build_20240923:*:*:*:*:*:* cpe:2.3:o:qnap:qurouter:2.4.3.103:build_20241011:*:*:*:*:*:* |
|
Metrics |
cvssV3_1
|
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap qurouter |
|
CPEs | cpe:2.3:a:qnap:qurouter:*:*:*:*:*:*:*:* | |
Vendors & Products |
Qnap
Qnap qurouter |
|
Metrics |
ssvc
|
Fri, 22 Nov 2024 15:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later | |
Title | QHora | |
Weaknesses | CWE-77 CWE-78 |
|
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2024-11-26T15:57:56.198Z
Reserved: 2024-10-09T00:22:57.834Z
Link: CVE-2024-48861

Updated: 2024-11-22T16:38:42.010Z

Status : Analyzed
Published: 2024-11-22T16:15:28.483
Modified: 2025-09-24T19:10:13.737
Link: CVE-2024-48861

No data.

No data.