OS Command Injection Vulnerability Affects QNAP Operating System Versions
CVE-2023-34980

5.9MEDIUM

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero
Vendor: CVE Published:; 8 March 2024

What is CVE-2023-34980?

An OS command injection vulnerability has been identified in various versions of the QNAP operating system, impacting both QTS and QuTS hero products. This vulnerability allows authenticated administrators to execute arbitrary commands over the network, potentially compromising the security of the system. Users are encouraged to update to the latest versions, QTS 4.5.4.2627 build 20231225 and QuTS hero h4.5.4.2626 build 20231225 or later, to mitigate the risks associated with this vulnerability. For more information and guidance, refer to the official security advisory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QTS 4.5.x < 4.5.4.2627 build 20231225

QuTS hero h4.5.x

References

https://www.qnap.com/en/security-advisory/qsa-24-12

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 8, 2024
Vulnerability Reserved
Jun 8, 2023

Credit

Tyaoo、0x14

JSON

QNAP