PT-2024-1010 · Qnap · Qnap Qts+1

Rekter0

Published

2024-01-05

Updated

2024-01-11

CVE-2023-39294

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QNAP QTS versions prior to 5.1.3.2578 build 20231110 QNAP QuTS hero versions prior to 5.1.3.2578 build 20231110

Description An OS command injection issue affects QNAP operating system versions, potentially allowing authenticated administrators to execute commands via a network. The vulnerability is related to the failure to neutralize special elements used in OS commands, which could enable a remote attacker to execute arbitrary commands using specially crafted data.

Recommendations For QNAP QTS versions prior to 5.1.3.2578 build 20231110, update to QTS 5.1.3.2578 build 20231110 or later. For QNAP QuTS hero versions prior to 5.1.3.2578 build 20231110, update to QuTS hero h5.1.3.2578 build 20231110 or later.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

BDU:2024-00149

CVE-2023-39294

Affected Products

Qnap Qts

Qnap Quts Hero

PT-2024-1010 · Qnap · Qnap Qts+1

CVE-2023-39294

Weakness Enumeration

Related Identifiers

Affected Products

References · 6