Qsync Central

CVE-2023-47564

8HIGH

Key Information

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 2 February 2024

Badges

👾 Exploit Exists

Summary

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

Affected Version(s)

Qsync Central < 4.4.0.15 ( 2024/01/04 )

Qsync Central < 4.3.0.11 ( 2024/01/11 )

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit exists.
Aug 30, 2024
Risk change from: 8.1 to: 8 - (HIGH)
Aug 29, 2024
Vulnerability published.
Feb 2, 2024
Vulnerability Reserved.
Nov 6, 2023

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)

Credit

c411e