What is the severity of CVE-2023-50358?

CVE-2023-50358 is considered to have a high severity due to its potential for OS command injection.

How do I fix CVE-2023-50358?

To fix CVE-2023-50358, update your QTS operating system to version 5.1.5.2645 or later.

Which QNAP operating system versions are affected by CVE-2023-50358?

CVE-2023-50358 affects several QNAP operating system versions prior to the patched 5.1.5.2645 build.

What could happen if CVE-2023-50358 is exploited?

If exploited, CVE-2023-50358 could allow unauthorized users to execute OS commands through the network.

Is there a workaround for CVE-2023-50358?

There are no reliable workarounds for CVE-2023-50358; the best course of action is to apply the software update.

Vulnerability/
CVE-2023-50358

medium

5.8

CWE

78 77

13/2/2024

13/2/2025

CVE-2023-50358: QTS, QuTS hero, QuTScloud

First published: Tue Feb 13 2024(Updated: )

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QTS 4.3.6.2665 build 20240131 and later QTS 4.3.4.2675 build 20240131 and later QTS 4.3.3.2644 build 20240131 and later QTS 4.2.6 build 20240131 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Credit: security@qnapsecurity.com.tw

Affected Software	Affected Version	How to fix
QNAP QTS

Remedy

We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QTS 4.3.6.2665 build 20240131 and later QTS 4.3.4.2675 build 20240131 and later QTS 4.3.3.2644 build 20240131 and later QTS 4.2.6 build 20240131 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2023-47218

Frequently Asked Questions

What is the severity of CVE-2023-50358?
CVE-2023-50358 is considered to have a high severity due to its potential for OS command injection.
How do I fix CVE-2023-50358?
To fix CVE-2023-50358, update your QTS operating system to version 5.1.5.2645 or later.
Which QNAP operating system versions are affected by CVE-2023-50358?
CVE-2023-50358 affects several QNAP operating system versions prior to the patched 5.1.5.2645 build.
What could happen if CVE-2023-50358 is exploited?
If exploited, CVE-2023-50358 could allow unauthorized users to execute OS commands through the network.
Is there a workaround for CVE-2023-50358?
There are no reliable workarounds for CVE-2023-50358; the best course of action is to apply the software update.

agent/weakness
agent/title
agent/severity
agent/author
agent/remedy
agent/type
agent/description
agent/first-publish-date
collector/the-register
source/The Register
alias/CVE-2023-50358
alias/CVE-2023-47218
zeroday/true
agent/news-ai
agent/software-canonical-lookup
agent/softwarecombine
collector/nvd-api
source/NVD
alias/CVE-2024-27130
agent/references
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/tags
agent/trending
agent/source
vendor/qnap
canonical/qnap qts