An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors.
QES is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2346 build 20230322 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2348 build 20230324 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
References
Link | Resource |
---|---|
https://www.qnap.com/en/security-advisory/qsa-23-10 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
Configuration 8 (hide)
AND |
|
History
01 Sep 2023, 17:10
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
30 Aug 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
Summary | An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later |
20 Apr 2023, 13:15
Type | Values Removed | Values Added |
---|---|---|
Summary | A vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated administrators to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances), QVR QES is not affected. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later |
06 Apr 2023, 18:04
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.qnap.com/en/security-advisory/qsa-23-10 - Vendor Advisory | |
CWE | CWE-77 | |
First Time |
Qnap qvp-85b Firmware
Qnap qvp-85b Qnap qvp-63a Firmware Qnap qvp-63b Qnap qvp-41b Firmware Qnap qutscloud Qnap qvp-41b Qnap qvr Qnap quts Hero Qnap qvp-85a Qnap qvp-63a Qnap qvp-85a Firmware Qnap Qnap qvp-21a Firmware Qnap qts Qnap qvp-21a Qnap qvp-41a Firmware Qnap qvp-63b Firmware Qnap qvp-41a |
|
CPE | cpe:2.3:h:qnap:qvp-21a:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qvp-41b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:*:*:*:*:*:*:*:* cpe:2.3:h:qnap:qvp-63a:-:*:*:*:*:*:*:* cpe:2.3:h:qnap:qvp-41a:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qvp-85b_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qnap:qvp-63b:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qutscloud:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qvp-41a_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* cpe:2.3:h:qnap:qvp-85a:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qvp-21a_firmware:-:*:*:*:*:*:*:* cpe:2.3:a:qnap:qvr:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qvp-63b_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qvp-63a_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:qnap:qvp-41b:-:*:*:*:*:*:*:* cpe:2.3:h:qnap:qvp-85b:-:*:*:*:*:*:*:* cpe:2.3:o:qnap:qvp-85a_firmware:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
29 Mar 2023, 07:29
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-03-29 05:15
Updated : 2023-12-10 15:01
NVD link : CVE-2023-23355
Mitre link : CVE-2023-23355
CVE.ORG link : CVE-2023-23355
JSON object : View
Products Affected
qnap
- qvp-63b
- qvp-21a
- qvp-41b_firmware
- qvr
- qvp-21a_firmware
- qvp-41a
- qvp-41a_firmware
- qvp-85a
- qts
- qvp-85b
- qvp-63a
- qvp-85a_firmware
- qutscloud
- quts_hero
- qvp-63a_firmware
- qvp-63b_firmware
- qvp-85b_firmware
- qvp-41b