9.8

CVE-2023-23369

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

Data is provided by the National Vulnerability Database (NVD)
| Vendor | Product | Version | Update |
|---|---|---|---|
| Qnap | Qts | 5.1.0.2348 | build_20230325 |
| Qnap | Qts | 4.3.6.0895 | build_20190328 |
| Qnap | Qts | 4.3.6.0907 | build_20190409 |
| Qnap | Qts | 4.3.6.0923 | build_20190425 |
| Qnap | Qts | 4.3.6.0944 | build_20190516 |
| Qnap | Qts | 4.3.6.0959 | build_20190531 |
| Qnap | Qts | 4.3.6.0979 | build_20190620 |
| Qnap | Qts | 4.3.6.0993 | build_20190704 |
| Qnap | Qts | 4.3.6.1013 | build_20190724 |
| Qnap | Qts | 4.3.6.1033 | build_20190813 |
| Qnap | Qts | 4.3.6.1070 | build_20190919 |
| Qnap | Qts | 4.3.6.1154 | build_20191212 |
| Qnap | Qts | 4.3.6.1218 | build_20200214 |
| Qnap | Qts | 4.3.6.1263 | build_20200330 |
| Qnap | Qts | 4.3.6.1286 | build_20200422 |
| Qnap | Qts | 4.3.6.1333 | build_20200608 |
| Qnap | Qts | 4.3.6.1411 | build_20200825 |
| Qnap | Qts | 4.3.6.1446 | build_20200929 |
| Qnap | Qts | 4.3.6.1620 | build_20210322 |
| Qnap | Qts | 4.3.6.1663 | build_20210504 |
| Qnap | Qts | 4.3.6.1711 | build_20210621 |
| Qnap | Qts | 4.3.6.1750 | build_20210730 |
| Qnap | Qts | 4.3.6.1831 | build_20211019 |
| Qnap | Qts | 4.3.6.1907 | build_20220103 |
| Qnap | Qts | 4.3.6.1965 | build_20220302 |
| Qnap | Qts | 4.3.6.2050 | build_20220526 |
| Qnap | Qts | 4.3.6.2232 | build_20221124 |
| Qnap | Qts | 4.3.4.0899 | build_20190322 |
| Qnap | Qts | 4.3.4.1029 | build_20190730 |
| Qnap | Qts | 4.3.4.1082 | build_20190921 |
| Qnap | Qts | 4.3.4.1190 | build_20200107 |
| Qnap | Qts | 4.3.4.1282 | build_20200408 |
| Qnap | Qts | 4.3.4.1368 | build_20200703 |
| Qnap | Qts | 4.3.4.1417 | build_20200821 |
| Qnap | Qts | 4.3.4.1463 | build_20201006 |
| Qnap | Qts | 4.3.4.1632 | build_20210324 |
| Qnap | Qts | 4.3.4.1652 | build_20210413 |
| Qnap | Qts | 4.3.4.1976 | build_20220303 |
| Qnap | Qts | 4.3.4.2107 | build_20220712 |
| Qnap | Qts | 4.3.4.2242 | build_20221124 |
| Qnap | Qts | 4.3.3.0174 | build_20170503 |
| Qnap | Qts | 4.3.3.0868 | build_20190322 |
| Qnap | Qts | 4.3.3.0998 | build_20190730 |
| Qnap | Qts | 4.3.3.1051 | build_20190921 |
| Qnap | Qts | 4.3.3.1098 | build_20191107 |
| Qnap | Qts | 4.3.3.1161 | build_20200109 |
| Qnap | Qts | 4.3.3.1252 | build_20200409 |
| Qnap | Qts | 4.3.3.1315 | build_20200611 |
| Qnap | Qts | 4.3.3.1386 | build_20200821 |
| Qnap | Qts | 4.3.3.1432 | build_20201006 |
| Qnap | Qts | 4.3.3.1624 | build_20210416 |
| Qnap | Qts | 4.3.3.1677 | build_20210608 |
| Qnap | Qts | 4.3.3.1693 | build_20210624 |
| Qnap | Qts | 4.3.3.1799 | build_20211008 |
| Qnap | Qts | 4.3.3.1864 | build_20211212 |
| Qnap | Qts | 4.3.3.1945 | build_20220303 |
| Qnap | Qts | 4.3.3.2057 | build_20220623 |
| Qnap | Qts | 4.3.3.2211 | build_20221124 |
| Qnap | Qts | 4.2.6 | build_20170517 |
| Qnap | Qts | 4.2.6 | build_20190322 |
| Qnap | Qts | 4.2.6 | build_20190730 |
| Qnap | Qts | 4.2.6 | build_20190921 |
| Qnap | Qts | 4.2.6 | build_20191107 |
| Qnap | Qts | 4.2.6 | build_20200109 |
| Qnap | Qts | 4.2.6 | build_20200421 |
| Qnap | Qts | 4.2.6 | build_20200611 |
| Qnap | Qts | 4.2.6 | build_20200821 |
| Qnap | Qts | 4.2.6 | build_20210327 |
| Qnap | Qts | 4.2.6 | build_20211215 |
| Qnap | Qts | 4.2.6 | build_20220304 |
| Qnap | Qts | 4.2.6 | build_20220623 |
| Qnap | Qts | 4.2.6 | build_20221028 |
| Qnap | Multimedia Console | 2.1.0 | |
| Qnap | Multimedia Console | 2.1.1 | |
| Qnap | Multimedia Console | 1.4.3 | |
| Qnap | Multimedia Console | 1.4.4 | |
| Qnap | Multimedia Console | 1.4.5 | |
| Qnap | Multimedia Console | 1.4.6 | |
| Qnap | Multimedia Console | 1.4.7 | |
| Qnap | Media Streaming Add-on | 500.1.1.0 | |
| Qnap | Media Streaming Add-on | 500.1.1.1 | |
| Qnap | Media Streaming Add-on | 500.0.0.0 | |
| Qnap | Media Streaming Add-on | 500.0.0.1 | |
| Qnap | Media Streaming Add-on | 500.0.0.3 | |
| Qnap | Media Streaming Add-on | 500.0.0.4 | |
| Qnap | Media Streaming Add-on | 500.0.0.5 | |
| Qnap | Media Streaming Add-on | 500.0.0.6 | |
| Qnap | Media Streaming Add-on | 500.0.0.7 | |
| Qnap | Media Streaming Add-on | 500.0.0.8 | |
| Qnap | Media Streaming Add-on | 500.0.0.9 | |
| Qnap | Media Streaming Add-on | 500.0.0.10 | |

No CISA KEV or CERT.AT warning was found for this CVE.

EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.77% | 0.942 |

CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| security@qnapsecurity.com.tw | 9 | 2.2 | 6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.