PT-2023-8956 · Unknown+3 · Qbittorrent+3

Maylio · Published 2023-10-10 · Updated 2025-11-21 · CVE-2023-30801

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: qBittorrent versions 4.5.5 and earlier

Description: The issue is related to the use of default credentials when the web user interface is enabled, allowing a remote attacker to authenticate and execute arbitrary operating system commands using the "external program" feature. This was reportedly exploited in the wild in March 2023.

Recommendations: As a temporary workaround, consider disabling the "external program" feature in the web user interface until a patch is available. Restrict access to the web user interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Using Hardcoded Credentials

Weakness Enumeration

Related identifiers

ALT-PU-2023-6705
BDU:2024-02758
CVE-2023-30801
OPENSUSE-SU-2023:0391-1
OPENSUSE-SU-2024:13477-1

Affected products

Alt Linux
Debian
Red Os
Qbittorrent