Lucene search

QnapCVE-2023-41283

HistoryFeb 02, 2024 - 4:15 p.m.

CVE-2023-41283

2024-02-0216:15:49

CWE-78

CWE-77

qnap

web.nvd.nist.gov

cve-2023-41283

os command injection

qnap

qts

quts

qutscloud

vulnerability

patch

nvd

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

High

EPSS

0.001

Percentile

17.1%

JSON

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.4.2596 build 20231128 and later
QuTS hero h5.1.4.2596 build 20231128 and later
QuTScloud c5.1.5.2651 and later

Affected configurations

Nvd

Node

qnapqtsMatch5.1.0.2348build_20230325

qnapqtsMatch5.1.0.2399build_20230515

qnapqtsMatch5.1.0.2418build_20230603

qnapqtsMatch5.1.0.2444build_20230629

qnapqtsMatch5.1.0.2466build_20230721

qnapqtsMatch5.1.1.2491build_20230815

qnapqtsMatch5.1.2.2533build_20230926

qnapqtsMatch5.1.3.2578build_20231110

qnapqtsMatch5.1.4.2596-

qnapquts_heroMatchh5.1.0.2409build_20230525

qnapquts_heroMatchh5.1.0.2424build_20230609

qnapquts_heroMatchh5.1.0.2453build_20230708

qnapquts_heroMatchh5.1.0.2466build_20230721

qnapquts_heroMatchh5.1.1.2488build_20230812

qnapquts_heroMatchh5.1.2.2534build_20230927

qnapquts_heroMatchh5.1.3.2578build_20231110

qnapquts_heroMatchh5.1.4.2596-

qnapqutscloudMatchc5.1.0.2498build_20230822

VendorProductVersionCPE
qnapqts5.1.0.2348cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*
qnapqts5.1.0.2399cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*
qnapqts5.1.0.2418cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*
qnapqts5.1.0.2444cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*
qnapqts5.1.0.2466cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*
qnapqts5.1.1.2491cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*
qnapqts5.1.2.2533cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*
qnapqts5.1.3.2578cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110:*:*:*:*:*:*
qnapqts5.1.4.2596cpe:2.3:o:qnap:qts:5.1.4.2596:-:*:*:*:*:*:*
qnapquts_heroh5.1.0.2409cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qts	5.1.0.2348	cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325::::::
qnap	qts	5.1.0.2399	cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515::::::
qnap	qts	5.1.0.2418	cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603::::::
qnap	qts	5.1.0.2444	cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629::::::
qnap	qts	5.1.0.2466	cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721::::::
qnap	qts	5.1.1.2491	cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815::::::
qnap	qts	5.1.2.2533	cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926::::::
qnap	qts	5.1.3.2578	cpe:2.3:o:qnap:qts:5.1.3.2578:build_20231110::::::
qnap	qts	5.1.4.2596	cpe:2.3:o:qnap:qts:5.1.4.2596:-::::::
qnap	quts_hero	h5.1.0.2409	cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525::::::

Rows per page:

1-10 of 181

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.4.2596 build 20231128",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTS hero",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "h5.1.4.2596 build 20231128",
        "status": "affected",
        "version": "h5.1.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QuTScloud",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "c5.1.5.2651",
        "status": "affected",
        "version": "c5.x.x",
        "versionType": "custom"
      }
    ]
  }
]