EUVD-2023-43032

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

OS command injection vulnerability affects legacy QTS allowing command execution by admins remotely.

Reporter	Title	Published	Views	Family All 8
CNNVD	QNAP Systems QTS 操作系统命令注入漏洞	6 Sep 202400:00	–	cnnvd
CVE	CVE-2023-39300	6 Sep 202416:27	–	cve
Cvelist	CVE-2023-39300 QTS	6 Sep 202416:27	–	cvelist
NVD	CVE-2023-39300	6 Sep 202417:15	–	nvd
OpenVAS	QNAP QTS OS Command Injection Vulnerability (QSA-24-26)	4 Jul 202400:00	–	openvas
Positive Technologies	PT-2023-9452 · Qnap · Qts	15 Aug 202300:00	–	ptsecurity
Tenable Nessus	Qnap QTS OS Command Injection (CVE-2023-39300)	16 Oct 202400:00	–	nessus
Vulnrichment	CVE-2023-39300 QTS	6 Sep 202416:27	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "84dfaf5e-bd67-3c7c-9133-b1be44bb84ce",
        "vendor": {
          "name": "QNAP Systems Inc."
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "46d6ca3d-2b75-34b8-a0f6-50d96b5581a6",
        "product": {
          "name": "QTS"
        },
        "product_version": "4.2.6 <4.2.6 build 20240618"
      },
      {
        "id": "518ab960-6432-3705-8a5e-b300a979c605",
        "product": {
          "name": "QTS"
        },
        "product_version": "4.3.6 <4.3.6.2805 build 20240619"
      },
      {
        "id": "a8d13070-6c82-342b-bbea-77bcc5a09b1c",
        "product": {
          "name": "QTS"
        },
        "product_version": "4.3.4 <4.3.4.2814 build 20240618"
      },
      {
        "id": "cf787dd7-4377-3c0c-85a3-05853ae667d6",
        "product": {
          "name": "QTS"
        },
        "product_version": "4.3.3 <4.3.3.2784 build 20240619"
      }
    ]
  }
]

Source	Link
qnap	www.qnap.com/en/security-advisory/qsa-24-26

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.17.2

EPSS0.00204

SSVC