Lucene search

AttackerKBAKB:BD39D254-CBF8-4BA6-9E12-2DDFB9302841

HistoryDec 08, 2023 - 12:00 a.m.

CVE-2023-47565

2023-12-0800:00:00

attackerkb.com

os command injection

qnap viostor nvr

qvr firmware 4.x

authenticated users

network

fixed vulnerability

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.8%

JSON

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.

We have already fixed the vulnerability in the following versions:

QVR Firmware 5.0.0 and later

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47565

www.qnap.com/en/security-advisory/qsa-23-48

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

86.8%

JSON

Related for AKB:BD39D254-CBF8-4BA6-9E12-2DDFB9302841