Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-23369

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) and later QTS 5.1.0.2399 build 20230515 and later QTS 4.3.6.2441 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

Published

2023-11-03T17:15:08.327

Last Modified

2024-11-21T07:46:02.830

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.0 (CRITICAL)

Weaknesses

Type: Secondary
CWE-77
CWE-78
Type: Primary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	qnap	qts	5.1.0.2348	Yes
Operating System	qnap	qts	4.3.6.0895	Yes
Operating System	qnap	qts	4.3.6.0907	Yes
Operating System	qnap	qts	4.3.6.0923	Yes
Operating System	qnap	qts	4.3.6.0944	Yes
Operating System	qnap	qts	4.3.6.0959	Yes
Operating System	qnap	qts	4.3.6.0979	Yes
Operating System	qnap	qts	4.3.6.0993	Yes
Operating System	qnap	qts	4.3.6.1013	Yes
Operating System	qnap	qts	4.3.6.1033	Yes
Operating System	qnap	qts	4.3.6.1070	Yes
Operating System	qnap	qts	4.3.6.1154	Yes
Operating System	qnap	qts	4.3.6.1218	Yes
Operating System	qnap	qts	4.3.6.1263	Yes
Operating System	qnap	qts	4.3.6.1286	Yes
Operating System	qnap	qts	4.3.6.1333	Yes
Operating System	qnap	qts	4.3.6.1411	Yes
Operating System	qnap	qts	4.3.6.1446	Yes
Operating System	qnap	qts	4.3.6.1620	Yes
Operating System	qnap	qts	4.3.6.1663	Yes
Operating System	qnap	qts	4.3.6.1711	Yes
Operating System	qnap	qts	4.3.6.1750	Yes
Operating System	qnap	qts	4.3.6.1831	Yes
Operating System	qnap	qts	4.3.6.1907	Yes
Operating System	qnap	qts	4.3.6.1965	Yes
Operating System	qnap	qts	4.3.6.2050	Yes
Operating System	qnap	qts	4.3.6.2232	Yes
Operating System	qnap	qts	4.3.4.0899	Yes
Operating System	qnap	qts	4.3.4.1029	Yes
Operating System	qnap	qts	4.3.4.1082	Yes
Operating System	qnap	qts	4.3.4.1190	Yes
Operating System	qnap	qts	4.3.4.1282	Yes
Operating System	qnap	qts	4.3.4.1368	Yes
Operating System	qnap	qts	4.3.4.1417	Yes
Operating System	qnap	qts	4.3.4.1463	Yes
Operating System	qnap	qts	4.3.4.1632	Yes
Operating System	qnap	qts	4.3.4.1652	Yes
Operating System	qnap	qts	4.3.4.1976	Yes
Operating System	qnap	qts	4.3.4.2107	Yes
Operating System	qnap	qts	4.3.4.2242	Yes
Operating System	qnap	qts	4.3.3.0174	Yes
Operating System	qnap	qts	4.3.3.0868	Yes
Operating System	qnap	qts	4.3.3.0998	Yes
Operating System	qnap	qts	4.3.3.1051	Yes
Operating System	qnap	qts	4.3.3.1098	Yes
Operating System	qnap	qts	4.3.3.1161	Yes
Operating System	qnap	qts	4.3.3.1252	Yes
Operating System	qnap	qts	4.3.3.1315	Yes
Operating System	qnap	qts	4.3.3.1386	Yes
Operating System	qnap	qts	4.3.3.1432	Yes
Operating System	qnap	qts	4.3.3.1624	Yes
Operating System	qnap	qts	4.3.3.1677	Yes
Operating System	qnap	qts	4.3.3.1693	Yes
Operating System	qnap	qts	4.3.3.1799	Yes
Operating System	qnap	qts	4.3.3.1864	Yes
Operating System	qnap	qts	4.3.3.1945	Yes
Operating System	qnap	qts	4.3.3.2057	Yes
Operating System	qnap	qts	4.3.3.2211	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Operating System	qnap	qts	4.2.6	Yes
Application	qnap	multimedia_console	2.1.0	Yes
Application	qnap	multimedia_console	2.1.1	Yes
Application	qnap	multimedia_console	1.4.3	Yes
Application	qnap	multimedia_console	1.4.4	Yes
Application	qnap	multimedia_console	1.4.5	Yes
Application	qnap	multimedia_console	1.4.6	Yes
Application	qnap	multimedia_console	1.4.7	Yes
Application	qnap	media_streaming_add-on	500.1.1.0	Yes
Application	qnap	media_streaming_add-on	500.1.1.1	Yes
Application	qnap	media_streaming_add-on	500.0.0.0	Yes
Application	qnap	media_streaming_add-on	500.0.0.1	Yes
Application	qnap	media_streaming_add-on	500.0.0.3	Yes
Application	qnap	media_streaming_add-on	500.0.0.4	Yes
Application	qnap	media_streaming_add-on	500.0.0.5	Yes
Application	qnap	media_streaming_add-on	500.0.0.6	Yes
Application	qnap	media_streaming_add-on	500.0.0.7	Yes
Application	qnap	media_streaming_add-on	500.0.0.8	Yes
Application	qnap	media_streaming_add-on	500.0.0.9	Yes
Application	qnap	media_streaming_add-on	500.0.0.10	Yes

References

https://www.qnap.com/en/security-advisory/qsa-23-35 Vendor Advisory ([email protected])
https://www.qnap.com/en/security-advisory/qsa-23-35 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)