Buffer Copy Vulnerability Affects QNAP Operating System Versions
CVE-2023-50361

8.8HIGH

Key Information:

Vendor
QNAP
Status
Qts
Vendor
CVE Published:
26 April 2024

Summary

A vulnerability has been identified in multiple versions of the QNAP operating system, characterized by a buffer copy issue that does not appropriately verify the size of input data. This flaw, if exploited, poses a significant risk as it could potentially allow authenticated users to execute arbitrary code over a network. QNAP has implemented fixes in the specified versions, emphasizing the importance of upgrading to maintain system integrity and security.

References

https://www.qnap.com/en/security-advisory/qsa-24-20

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.