Lucene search
QNAP QTS, QuTS hero, QuTScloud OS Command Injection Vulnerability (CVE-2023-47218, QSA-23-57) - Active Check
🗓️ 15 Feb 2024 00:00:00Reported by Copyright (C) 2024 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 12 Views
QNAP QTS, QuTS hero, QuTScloud OS Command Injection Vulnerability (CVE-2023-47218, QSA-23-57) - Active Check. Prone to OS command injection vulnerability, allowing execution of network commands via crafted HTTP request. See vendor advisory for solution
Show more
| Reporter | Title | Published | Views | Family All 17 |
|---|---|---|---|---|
 | Qnap Multiple Vulnerabilities in QTS, QuTS hero and QuTScloud (CVE-2023-47218) | 16 Oct 202400:00 | – | nessus |
| QNAP QTS / QuTS hero Multiple Vulnerabilities in QTS, QuTS hero (QSA-23-57) | 15 Feb 202400:00 | – | nessus |
 | Command injection | 13 Feb 202403:15 | – | prion |
 | QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution | 22 Feb 202400:00 | – | packetstorm |
 | QNAP QTS and QuTS Hero - OS Command Injection | 5 Apr 202404:28 | – | nuclei |
 | CVE-2023-47218 | 13 Feb 202403:15 | – | nvd |
 | CVE-2023-47218 | 13 Feb 202521:04 | – | redhatcve |
 | CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED) | 13 Feb 202416:00 | – | rapid7blog |
| Metasploit Weekly Wrap-Up 02/23/2024 | 23 Feb 202417:50 | – | rapid7blog |
 | CVE-2023-47218 QTS, QuTS hero, QuTScloud | 13 Feb 202402:44 | – | cvelist |
10
| Source | Link |
|---|---|
| qnap | www.qnap.com/en/security-advisory/qsa-23-57 |
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE_PREFIX = "cpe:/o:qnap:q";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.151741");
script_version("2024-02-15T14:37:33+0000");
script_tag(name:"last_modification", value:"2024-02-15 14:37:33 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"creation_date", value:"2024-02-15 05:45:46 +0000 (Thu, 15 Feb 2024)");
script_tag(name:"cvss_base", value:"4.3");
script_tag(name:"cvss_base_vector", value:"AV:A/AC:H/Au:N/C:P/I:P/A:P");
script_cve_id("CVE-2023-47218");
script_tag(name:"qod_type", value:"remote_app");
script_tag(name:"solution_type", value:"VendorFix");
script_name("QNAP QTS, QuTS hero, QuTScloud OS Command Injection Vulnerability (CVE-2023-47218, QSA-23-57) - Active Check");
script_category(ACT_ATTACK);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_qnap_nas_http_detect.nasl");
script_mandatory_keys("qnap/nas/http/detected");
script_require_ports("Services/www", 8080);
script_tag(name:"summary", value:"QNAP QTS, QuTS hero and QuTScloud are prone to an OS command
injection vulnerability.");
script_tag(name:"vuldetect", value:"Sends a crafted HTTP GET request and checks the response.");
script_tag(name:"insight", value:"An OS command injection vulnerability has been reported to
affect several QNAP operating system versions. If exploited, the vulnerability could allow users
to execute commands via a network.");
script_tag(name:"solution", value:"See the referenced vendor advisory for a solution.");
script_xref(name:"URL", value:"https://www.qnap.com/en/security-advisory/qsa-23-57");
exit(0);
}
include("dump.inc");
include("host_details.inc");
include("http_func.inc");
include("http_keepalive.inc");
include("misc_func.inc");
if (!infos = get_app_port_from_cpe_prefix(cpe: CPE_PREFIX, service: "www", first_cpe_only: TRUE))
exit(0);
port = infos["port"];
cpe = infos["cpe"];
if (!get_app_location(cpe: cpe, port: port, nofork: TRUE))
exit(0);
vt_strings = get_vt_strings();
payload = vt_strings["default"];
url = "/cgi-bin/quick/quick.cgi?func=" + payload;
req = http_get(port: port, item: url);
res = http_keepalive_send_recv(port: port, data: req);
res = bin2string(ddata: res, noprint_replacement: "");
if (res =~ "^HTTP/1\.[01] 200" && "<firmware_info>" >< res) {
report = http_report_vuln_url(port: port, url: url);
security_message(port: port, data: report);
exit(0);
}
exit(99);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo15 Feb 2024 00:00Current
5.8Medium risk
Vulners AI Score5.8
CVSS35.8
EPSS0.00413