Description
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later
References (1)
Core References
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-23-31
Scores
CVSS v3
9.8
EPSS
0.0356
EPSS Percentile
87.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-78
Status
published
Products (45)
qnap/qts 5.0.1
qnap/qts 5.0.1.2034 build_20220515
qnap/qts 5.0.1.2079 build_20220629
qnap/qts 5.0.1.2131 build_20220820
qnap/qts 5.0.1.2137 build_20220826
qnap/qts 5.0.1.2145 build_20220903
qnap/qts 5.0.1.2173 build_20221001
qnap/qts 5.0.1.2194 build_20221022
qnap/qts 5.0.1.2234 build_20221201
qnap/qts 5.0.1.2248 build_20221215
... and 35 more
Published
Nov 03, 2023
Tracked Since
Feb 18, 2026