Qsync Central
CVE-2023-47564
8HIGH
Key Information
- Vendor
- QNAP
- Status
- Qsync Central
- Vendor
- CVE Published:
- 2 February 2024
Badges
👾 Exploit Exists
Summary
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.
We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later
Affected Version(s)
Qsync Central < 4.4.0.15 ( 2024/01/04 )
Qsync Central < 4.3.0.11 ( 2024/01/11 )
Refferences
CVSS V3.1
Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged
Timeline
- 🔴
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
Collectors
NVD DatabaseMitre Database0 Proof of Concept(s)
Credit
c411e