CVE-2023-39299

🗓️ 03 Nov 2023 16:34:46Reported by qnapType

Path traversal vulnerability in Music Station, allowing unauthorized file access and data exposure

Reporter	Title	Published	Views	Family All 9
CNNVD	QNAP Systems Music Station Path Traversal Vulnerability	3 Nov 202300:00	–	cnnvd
Cvelist	CVE-2023-39299 Music Station	3 Nov 202316:34	–	cvelist
EUVD	EUVD-2023-43031	3 Oct 202520:07	–	euvd
NVD	CVE-2023-39299	3 Nov 202317:15	–	nvd
OpenVAS	QNAP QTS Music Station Path Traversal Vulnerability (QSA-23-61)	7 Nov 202300:00	–	openvas
Prion	Path traversal	3 Nov 202317:15	–	prion
Positive Technologies	PT-2023-26877 · Synology · Music Station	3 Nov 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-39299	23 May 202504:41	–	redhatcve
Vulnrichment	CVE-2023-39299 Music Station	3 Nov 202316:34	–	vulnrichment

NVD

Node

qnap music_stationRange4.8.0–4.8.11

qnap music_stationRange5.1.0–5.1.16

qnap music_stationRange5.3.0–5.3.23

[
  {
    "defaultStatus": "unaffected",
    "product": "Music Station",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "4.8.11",
        "status": "affected",
        "version": "4.8.x",
        "versionType": "custom"
      },
      {
        "lessThan": "5.1.16",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "5.3.23",
        "status": "affected",
        "version": "5.3.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-23-61

21 Nov 2024 08:15Current

7.3High risk

Vulners AI Score7.3

CVSS 3.17.5

EPSS0.0013

SSVC

CWE-22