CVE-2023-47565

Name of the Vulnerable Software and Affected Versions QNAP VioStor NVR models running QVR Firmware versions prior to 5.0.0

Description An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models. If exploited, the vulnerability could allow authenticated users to execute commands via a network. The vulnerability exists due to the lack of measures to neutralize special elements. It is reported that the vulnerability has been exploited in the wild. Approximately 27,804 devices are potentially affected, mainly distributed in Japan, Mexico, and other countries.

Recommendations For QVR Firmware versions prior to 5.0.0, update to QVR Firmware 5.0.0 or later to resolve the issue. As a temporary workaround, consider restricting network access to the vulnerable devices until a patch is applied. Avoid using the vulnerable QVR Firmware versions until the issue is resolved.