A CWE-346 Origin Validation Error in the CORS configuration in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to affect the device confidentiality, integrity, or availability via crafted URLs or HTTP requests.
The product does not properly verify that the source of data or communication is valid.