QUSBCam2
CVE-2023-23373

8.8HIGH

Key Information:

Vendor: QNAP
Status: Qusbcam2
Vendor: CVE Published:; 20 October 2023

Summary

An OS command injection vulnerability exists in QUSBCam2, allowing potentially malicious users to execute arbitrary commands over the network. This could lead to unauthorized access and control over the affected device. Users are advised to upgrade to QUSBCam2 version 2.0.3 or later to mitigate this risk.

Affected Version(s)

QUSBCam2 2.0.x < 2.0.3 ( 2023/06/15 )

References

https://www.qnap.com/en/security-advisory/qsa-23-43

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
Jan 11, 2023

Credit

a crixer