AVID-2026-R1503
Description
QNAP AI Core (CVE-2024-38647)
Details
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system.
We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later.
Reason for inclusion in AVID: CVE-2024-38647 concerns QNAP AI Core, an AI software component used to provide AI capabilities on QNAP devices. This is a software vulnerability within an AI-related stack and could affect AI deployments running on or relying on QNAP AI Core. The issue is exploitable remotely and involves sensitive data exposure, with a fixed version (3.4.1+). This fits as a software supply-chain issue in AI systems (dependencies/runtime component) and has clear security impact.
References
Affected or Relevant Artifacts
- Developer: QNAP Systems Inc.
- Deployer: QNAP Systems Inc.
- Artifact Details:
| Type | Name |
|---|---|
| System | QNAP AI Core |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CWE
| ID | Description |
|---|---|
| CWE-540 | Inclusion of Sensitive Information in Source Code |
| CWE-200 | Exposure of Sensitive Information to an Unauthorized Actor |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2024-11-22
- Version: 0.3.3
- AVID Entry