QTS, QuTS hero, QuTScloud
CVE-2023-41281

5.5MEDIUM

Key Information:

Vendor: QNAP
Status: Qts; Quts Hero; Qutscloud
Vendor: CVE Published:; 2 February 2024

What is CVE-2023-41281?

An OS command injection vulnerability exists in several versions of QNAP operating systems, potentially allowing authenticated administrators to execute arbitrary commands through network interfaces. This can lead to unauthorized access and control over the affected systems. Users are urged to update to the latest versions, specifically QTS 5.1.4.2596 build 20231128, QuTS hero h5.1.4.2596 build 20231128, and QuTScloud c5.1.5.2651 or later to mitigate the risk associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QTS 5.1.x < 5.1.4.2596 build 20231128

QuTS hero h5.1.x

QuTScloud c5.x.x

References

https://www.qnap.com/en/security-advisory/qsa-23-53

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Aug 28, 2023

Credit

rekter0

JSON

QNAP