CVE-2023-47564

HIGH

Qnap Qsync Central < 4.3.0.11 - Incorrect Permission Assignment

Title source: rule

Description

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

Exploits (1)

nomisec WRITEUP

by C411e · poc

https://github.com/C411e/CVE-2023-47564

View Code ZIP pw:eip

References (1)

Core 1

Core References

Vendor Advisory

https://www.qnap.com/en/security-advisory/qsa-24-03

Scores

CVSS v3 8.0

EPSS 0.0795

EPSS Percentile 92.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-732

Status published

Products (1)

qnap/qsync_central 4.3.0.0 - 4.3.0.11

Published Feb 02, 2024

Tracked Since Feb 18, 2026