Qsync Central

CVE-2023-47564

8HIGH

Key Information

Vendor
QNAP
Status
Qsync Central
Vendor
CVE Published:
2 February 2024

Badges

👾 Exploit Exists

Summary

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.

We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.15 ( 2024/01/04 ) and later Qsync Central 4.3.0.11 ( 2024/01/11 ) and later

Affected Version(s)

Qsync Central < 4.4.0.15 ( 2024/01/04 )

Qsync Central < 4.3.0.11 ( 2024/01/11 )

Refferences

CVSS V3.1

Score:
8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🔴

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database0 Proof of Concept(s)

Credit

c411e
.