Qsync Central
CVE-2023-47564

8HIGH

Key Information:

Vendor: QNAP
Status: Qsync Central
Vendor: CVE Published:; 2 February 2024

Badges

👾 Exploit Exists

What is CVE-2023-47564?

An issue with incorrect permission assignment in Qsync Central from QNAP exposes critical resources to potential read and modification by authenticated users over a network. This vulnerability underscores the importance of proper permission management to prevent unauthorized access to sensitive information. Mitigating this vulnerability requires version updates to ensure security patches are applied, specifically upgrading to Qsync Central 4.4.0.15 or later, or 4.3.0.11 or later.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Qsync Central 4.4.x.x < 4.4.0.15 ( 2024/01/04 )

Qsync Central 4.3.x.x < 4.3.0.11 ( 2024/01/11 )

References

https://www.qnap.com/en/security-advisory/qsa-24-03

EPSS Score

6% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

🟡
Public PoC available
Feb 4, 2024
👾
Exploit known to exist
Feb 4, 2024
Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Nov 6, 2023

Credit

c411e

JSON

QNAP

Badges

What is CVE-2023-47564?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

EPSS Score

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.