← Back

CVE-2023-23369

nvd nist
Published: Nov 3, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

Affected (91)

Qnap
3 products
Qts
Multimedia Console
Media Streaming Add On
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Qts
Version 5.1.0.2348 build_20230325
Configuration B
26 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 4.3.6.0895 build_20190328
Qts
Version 4.3.6.0907 build_20190409
Qts
Version 4.3.6.0923 build_20190425
Qts
Version 4.3.6.0944 build_20190516
Qts
Version 4.3.6.0959 build_20190531
Qts
Version 4.3.6.0979 build_20190620
Qts
Version 4.3.6.0993 build_20190704
Qts
Version 4.3.6.1013 build_20190724
Qts
Version 4.3.6.1033 build_20190813
Qts
Version 4.3.6.1070 build_20190919
Qts
Version 4.3.6.1154 build_20191212
Qts
Version 4.3.6.1218 build_20200214
Qts
Version 4.3.6.1263 build_20200330
Qts
Version 4.3.6.1286 build_20200422
Qts
Version 4.3.6.1333 build_20200608
Qts
Version 4.3.6.1411 build_20200825
Qts
Version 4.3.6.1446 build_20200929
Qts
Version 4.3.6.1620 build_20210322
Qts
Version 4.3.6.1663 build_20210504
Qts
Version 4.3.6.1711 build_20210621
Qts
Version 4.3.6.1750 build_20210730
Qts
Version 4.3.6.1831 build_20211019
Qts
Version 4.3.6.1907 build_20220103
Qts
Version 4.3.6.1965 build_20220302
Qts
Version 4.3.6.2050 build_20220526
Qts
Version 4.3.6.2232 build_20221124
Configuration C
13 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 4.3.4.0899 build_20190322
Qts
Version 4.3.4.1029 build_20190730
Qts
Version 4.3.4.1082 build_20190921
Qts
Version 4.3.4.1190 build_20200107
Qts
Version 4.3.4.1282 build_20200408
Qts
Version 4.3.4.1368 build_20200703
Qts
Version 4.3.4.1417 build_20200821
Qts
Version 4.3.4.1463 build_20201006
Qts
Version 4.3.4.1632 build_20210324
Qts
Version 4.3.4.1652 build_20210413
Qts
Version 4.3.4.1976 build_20220303
Qts
Version 4.3.4.2107 build_20220712
Qts
Version 4.3.4.2242 build_20221124
Configuration D
18 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 4.3.3.0174 build_20170503
Qts
Version 4.3.3.0868 build_20190322
Qts
Version 4.3.3.0998 build_20190730
Qts
Version 4.3.3.1051 build_20190921
Qts
Version 4.3.3.1098 build_20191107
Qts
Version 4.3.3.1161 build_20200109
Qts
Version 4.3.3.1252 build_20200409
Qts
Version 4.3.3.1315 build_20200611
Qts
Version 4.3.3.1386 build_20200821
Qts
Version 4.3.3.1432 build_20201006
Qts
Version 4.3.3.1624 build_20210416
Qts
Version 4.3.3.1677 build_20210608
Qts
Version 4.3.3.1693 build_20210624
Qts
Version 4.3.3.1799 build_20211008
Qts
Version 4.3.3.1864 build_20211212
Qts
Version 4.3.3.1945 build_20220303
Qts
Version 4.3.3.2057 build_20220623
Qts
Version 4.3.3.2211 build_20221124
Configuration E
14 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Qts
Version 4.2.6 build_20170517
Qts
Version 4.2.6 build_20190322
Qts
Version 4.2.6 build_20190730
Qts
Version 4.2.6 build_20190921
Qts
Version 4.2.6 build_20191107
Qts
Version 4.2.6 build_20200109
Qts
Version 4.2.6 build_20200421
Qts
Version 4.2.6 build_20200611
Qts
Version 4.2.6 build_20200821
Qts
Version 4.2.6 build_20210327
Qts
Version 4.2.6 build_20211215
Qts
Version 4.2.6 build_20220304
Qts
Version 4.2.6 build_20220623
Qts
Version 4.2.6 build_20221028
Configuration F
2 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Multimedia Console
Version 2.1.0
Multimedia Console
Version 2.1.1
Configuration G
5 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Multimedia Console
Version 1.4.3
Multimedia Console
Version 1.4.4
Multimedia Console
Version 1.4.5
Multimedia Console
Version 1.4.6
Multimedia Console
Version 1.4.7
Configuration H
2 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Media Streaming Add On
Version 500.1.1.0
Media Streaming Add On
Version 500.1.1.1
Configuration I
10 vulnerable
Vulnerable SoftwareAffected Versions
Qnap
Media Streaming Add On
Version 500.0.0.0
Media Streaming Add On
Version 500.0.0.10
Media Streaming Add On
Version 500.0.0.1
Media Streaming Add On
Version 500.0.0.3
Media Streaming Add On
Version 500.0.0.4
Media Streaming Add On
Version 500.0.0.5
Media Streaming Add On
Version 500.0.0.6
Media Streaming Add On
Version 500.0.0.7
Media Streaming Add On
Version 500.0.0.8
Media Streaming Add On
Version 500.0.0.9

Related CWEs

CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (2)

Source: security@qnapsecurity.com.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.