Lucene search

[email protected]NVD:CVE-2023-47565

HistoryDec 08, 2023 - 4:15 p.m.

CVE-2023-47565

2023-12-0816:15:16

CWE-78

[email protected]

web.nvd.nist.gov

command injection

qnap

viostor nvr

qvr firmware 4.x

authenticated users

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.0%

JSON

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.

We have already fixed the vulnerability in the following versions:

QVR Firmware 5.0.0 and later

Affected configurations

Nvd

Node

qnapqvr_firmwareRange4.0.0–5.0.0

VendorProductVersionCPE
qnapqvr_firmware*cpe:2.3:o:qnap:qvr_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qnap	qvr_firmware	*	cpe:2.3:o:qnap:qvr_firmware::::::::

References

www.qnap.com/en/security-advisory/qsa-23-48

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.02

Percentile

89.0%

JSON

Related for NVD:CVE-2023-47565

cisa_kev1 ics1 prion1 cve1 cvelist1 attackerkb1 nessus2 thn1