QTS, QuTS hero, QuTScloud
CVE-2023-41282

5.5MEDIUM

Key Information:

Vendor
QNAP
Status
Qts
Quts Hero
Qutscloud
Vendor
CVE Published:
2 February 2024

Summary

An OS command injection vulnerability has been identified in multiple versions of the QNAP operating system. This security flaw allows authenticated administrators to potentially execute commands over the network, which can lead to unauthorized actions within the affected environment. QNAP has released updates to address this issue in QTS version 5.1.4.2596 build 20231128 and later, as well as in QuTS hero and QuTScloud versions that meet or exceed specified build numbers. Organizations utilizing the impacted versions are advised to apply the necessary updates to safeguard against exploitation.

Affected Version(s)

QTS 5.1.x < 5.1.4.2596 build 20231128

QuTS hero h5.1.x

QuTScloud c5.x.x

References

https://www.qnap.com/en/security-advisory/qsa-23-53

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

rekter0
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.