CVE-2023-45038
MEDIUM EXPLOITED NUCLEIQNAP Music Station 5.0.0-5.3.9 - Improper Authentication
Title source: llmExploitation Summary
CVE-2023-45038 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.
Description
An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later
Nuclei Templates (1)
QNAP Music Station < 5.4.0 - Authentication Bypass
MEDIUMVERIFIEDby daffainfo
Shodan:
http.title:"qnap"
FOFA:
title="qnap"
References (1)
Core 1
Core References
Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-24-25
Scores
CVSS v3
4.3
EPSS
0.0118
EPSS Percentile
63.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
VulnCheck KEV
2025-08-16
CWE
CWE-287
Status
published
Products (1)
qnap/music_station
5.0.0 - 5.4.0
Published
Sep 06, 2024
Tracked Since
Feb 18, 2026