QTS, QuTS hero, QuTScloud
CVE-2023-47566

7.2HIGH

Key Information:

Vendor: QNAP
Status: QTS; QuTS hero; QuTScloud
Vendor: CVE Published:; 2 February 2024

What is CVE-2023-47566?

An OS command injection vulnerability has been identified in multiple versions of QNAP's operating systems. This flaw allows authenticated administrators to potentially execute arbitrary commands over the network, thereby presenting a significant risk to system integrity. Prompt updates are essential to mitigate this issue and safeguard against potential exploitation.

Affected Version(s)

QTS 5.1.x < 5.1.5.2645 build 20240116

QuTS hero h5.1.x

QuTScloud c5.x.x

References

https://www.qnap.com/en/security-advisory/qsa-24-04

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 2, 2024
Vulnerability Reserved
Nov 6, 2023

Credit

nobodyisnobody