CVE-2023-47567

MEDIUM

QNAP QTS and QuTS hero - Authenticated OS Command Injection

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later

Scores

CVSS v3 4.7
EPSS 0.0009
EPSS Percentile 25.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-78
Status published
Products (47)
qnap/qts 4.5.4.1715 build_20210630
qnap/qts 4.5.4.1723 build_20210708
qnap/qts 4.5.4.1741 build_20210726
qnap/qts 4.5.4.1787 build_20210910
qnap/qts 4.5.4.1800 build_20210923
qnap/qts 4.5.4.1892 build_20211223
qnap/qts 4.5.4.1931 build_20220128
qnap/qts 4.5.4.2012 build_20220419
qnap/qts 4.5.4.2117 build_20220802
qnap/qts 4.5.4.2280 build_20230112
... and 37 more
Published Feb 02, 2024
Tracked Since Feb 18, 2026