CVE-2023-34974

Name of the Vulnerable Software and Affected Versions QTS versions prior to 4.5.4.2790 build 20240605 QuTS hero versions prior to h4.5.4.2626 build 20231225

Description An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. The issue is related to the failure to neutralize special elements used in the operating system command.

Recommendations For QTS versions prior to 4.5.4.2790 build 20240605, update to version 4.5.4.2790 build 20240605 or later. For QuTS hero versions prior to h4.5.4.2626 build 20231225, update to version h4.5.4.2626 build 20231225 or later.