CVE-2024-53694

Published: Mar 7, 2025

Modified: Mar 7, 2025

PUBLISHED

Description

A time-of-check time-of-use (TOCTOU) race condition vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local attackers who have gained user access to gain access to otherwise unauthorized resources. We have already fixed the vulnerability in the following versions: QVPN Device Client for Mac 2.2.5 and later Qsync for Mac 5.1.3 and later Qfinder Pro Mac 7.11.1 and later

Vendor	Product	Versions
QNAP Systems Inc.	QVPN Device Client for Mac	affected `2.2.x - < 2.2.5`
QNAP Systems Inc.	Qsync for Mac	affected `5.1.x - < 5.1.3`
QNAP Systems Inc.	Qfinder Pro Mac	affected `7.11.x - < 7.11.1`

Weaknesses (CWE)

CWE-367

References

https://www.qnap.com/en/security-advisory/qsa-24-51

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-53694

Description

Affected Products

Weaknesses (CWE)

References