CVE-2023-23355

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.0.1.2346 build 20230322 QNAP QTS versions prior to 4.5.4.2374 build 20230416 QNAP QuTS hero versions prior to h5.0.1.2348 build 20230324 QNAP QuTS hero versions prior to h4.5.4.2374 build 20230417 QNAP QuTScloud versions prior to c5.0.1.2374

Description The issue is related to an OS command injection vulnerability that could allow remote authenticated administrators to execute commands via unspecified vectors. This could potentially be achieved by sending specially crafted data.

Recommendations For QNAP QTS versions prior to 5.0.1.2346 build 20230322, update to QTS 5.0.1.2346 build 20230322 or later. For QNAP QTS versions prior to 4.5.4.2374 build 20230416, update to QTS 4.5.4.2374 build 20230416 or later. For QNAP QuTS hero versions prior to h5.0.1.2348 build 20230324, update to QuTS hero h5.0.1.2348 build 20230324 or later. For QNAP QuTS hero versions prior to h4.5.4.2374 build 20230417, update to QuTS hero h4.5.4.2374 build 20230417 or later. For QNAP QuTScloud versions prior to c5.0.1.2374, update to QuTScloud c5.0.1.2374 or later.