CVE-2023-39294
published 2024-01-05

Priority: P347 | Severity: high | CVSS 3.1: 7.2
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.12% (62.2th percentile)

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions:

- QTS 5.1.3.2578 build 20231110 and later
- QuTS hero h5.1.3.2578 build 20231110 and later

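Affected

15 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | | |
| qnap | qts | | |
| qnap | qts | | |
| qnap | qts | | |
| qnap | qts | | |
| qnap | qts | | |
| qnap | qts | | |
| qnap | quts_hero | | |
| qnap | quts_hero | | |
| qnap | quts_hero | | |
| qnap | quts_hero | | |
| qnap | quts_hero | | |
| qnap | quts_hero | | |
| qnap_systems_inc | qts | >= 5.1.x < 5.1.3.2578 build 20231110 | 5.1.3.2578 build 20231110 |
| qnap_systems_inc | quts_hero | >= h5.1.x < h5.1.3.2578 build 20231110 | h5.1.3.2578 build 20231110 |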