CVE-2024-53694

high

Description

A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later

References

https://www.qnap.com/en/security-advisory/qsa-24-51

Details

Source: Mitre, NVD

Published: 2025-03-07

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 6.3

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: Medium

CVSS v4

Base Score: 8.6

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Severity: High

EPSS

EPSS: 0.00012

Detections

Analytics