CVE-2023-23362

Name of the Vulnerable Software and Affected Versions QTS versions prior to 5.0.1.2376 build 20230421 QTS versions prior to 4.5.4.2374 build 20230416 QuTS hero versions prior to h5.0.1.2376 build 20230421 QuTS hero versions prior to h4.5.4.2374 build 20230417 QuTScloud versions prior to c5.0.1.2374

Description An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.

Recommendations For QTS versions prior to 5.0.1.2376 build 20230421, update to QTS 5.0.1.2376 build 20230421 or later. For QTS versions prior to 4.5.4.2374 build 20230416, update to QTS 4.5.4.2374 build 20230416 or later. For QuTS hero versions prior to h5.0.1.2376 build 20230421, update to QuTS hero h5.0.1.2376 build 20230421 or later. For QuTS hero versions prior to h4.5.4.2374 build 20230417, update to QuTS hero h4.5.4.2374 build 20230417 or later. For QuTScloud versions prior to c5.0.1.2374, update to QuTScloud c5.0.1.2374 or later.