First published: Fri Sep 22 2023(Updated: )
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
Credit: security@qnapsecurity.com.tw security@qnapsecurity.com.tw
Affected Software | Affected Version | How to fix |
---|---|---|
QNAP QTS | >=4.5.4<4.5.4.2374 | |
QNAP QTS | >=5.0.1<5.0.1.2376 | |
QNAP QuTS hero | >=h4.5.4<h4.5.4.2374 | |
QNAP QuTS hero | >=h5.0.1<h5.0.1.2376 | |
QNAP QuTScloud | >=c5.0.1<=c5.0.1.2374 |
We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-23362 is an OS command injection vulnerability that affects QNAP operating systems.
If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.
QNAP QTS versions 4.5.4.2374 and lower, and QNAP Quts Hero versions h4.5.4.2374 and lower are affected.
CVE-2023-23362 has a severity of 8.8 (high).
The vulnerability has been fixed in QTS version 5.0.1.2376 and Quts Hero version h5.0.1.2376. Update your QNAP operating system to the latest fixed version.