CVE-2023-23369 QTS, Multimedia Console, and Media Streaming add-on

🗓️ 03 Nov 2023 16:34:40Reported by qnapType

CVE-2023-23369 vulnerability in QNAP O

Reporter	Title	Published	Views	Family All 16
BDU FSTEC	The vulnerability of the QTS operating system, the Media Streaming application for streaming multimedia files, and the Multimedia Console on QNAP devices allows a perpetrator to execute arbitrary commands.	11 Nov 202300:00	–	bdu_fstec
Circl	CVE-2023-23369	8 Nov 202310:06	–	circl
CNNVD	QNAP Systems QTS Operating System Command Injection Vulnerability	3 Nov 202300:00	–	cnnvd
CVE	CVE-2023-23369	3 Nov 202316:34	–	cve
Malwarebytes	QNAP warns about critical vulnerabilities in NAS systems	8 Nov 202311:34	–	malwarebytes
NCSC	Maladies fixed in Qnap QTS and QuTS Hero	6 Nov 202300:00	–	ncsc
NVD	CVE-2023-23369	3 Nov 202317:15	–	nvd
OpenVAS	QNAP QTS OS Command Injection Vulnerability (QSA-23-35)	7 Nov 202300:00	–	openvas
OSV	CVE-2023-23369	3 Nov 202317:15	–	osv
Prion	Command injection	3 Nov 202317:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "product": "Multimedia Console",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "2.1.2 ( 2023/05/04 )",
        "status": "affected",
        "version": "2.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "1.4.8 ( 2023/05/05 )",
        "status": "affected",
        "version": "1.4.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "QTS",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "5.1.0.2399 build 20230515",
        "status": "affected",
        "version": "5.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.6.2441 build 20230621",
        "status": "affected",
        "version": "4.3.6",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.4.2451 build 20230621",
        "status": "affected",
        "version": "4.3.4",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.3.2420 build 20230621",
        "status": "affected",
        "version": "4.3.3",
        "versionType": "custom"
      },
      {
        "lessThan": "4.2.6 build 20230621",
        "status": "affected",
        "version": "4.2.x",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "Media Streaming add-on",
    "vendor": "QNAP Systems Inc.",
    "versions": [
      {
        "lessThan": "500.1.1.2 ( 2023/06/12 )",
        "status": "affected",
        "version": "500.1.x",
        "versionType": "custom"
      },
      {
        "lessThan": "500.0.0.11 ( 2023/06/16 )",
        "status": "affected",
        "version": "500.0.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-23-35

03 Nov 2023 16:34Current

9.9High risk

Vulners AI Score9.9

CVSS 3.19

EPSS0.14405

os command injection qnap multimedia console media streaming network execution vulnerability fix qts 5.1.0 qts 4.3.6 qts 4.3.4 qts 4.3.3 qts 4.2.6 media streaming add-on 500.1.1.2 media streaming add-on 500.0.0.11