CVE-2023-39301
Published 2023-11-03
Priority: P4 | 22 | medium | 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.34% (25.4th percentile)
A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.1.2491 build 20230815 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.1.2488 build 20230812 and later
QuTScloud c5.1.0.2498 and later
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | < 5.1.1.2491 | 5.1.1.2491 |
| qnap | qts | < 5.0.1.2514 | 5.0.1.2514 |
| qnap | quts_hero | < h5.1.1.2488 | h5.1.1.2488 |
| qnap | quts_hero | < h5.0.1.2515 | h5.0.1.2515 |
| qnap | qutscloud | < c5.1.0.2498 | c5.1.0.2498 |
| qnap_systems_inc | qts | >= 5.0.x < 5.0.1.2514 build 20230906 | 5.0.1.2514 build 20230906 |
| qnap_systems_inc | qts | >= 5.1.x < 5.1.1.2491 build 20230815 | 5.1.1.2491 build 20230815 |
| qnap_systems_inc | quts_hero | >= h5.0.x < h5.0.1.2515 build 20230907 | h5.0.1.2515 build 20230907 |
| qnap_systems_inc | quts_hero | >= h5.1.x < h5.1.1.2488 build 20230812 | h5.1.1.2488 build 20230812 |
| qnap_systems_inc | qutscloud | >= c5.x.x < c5.1.0.2498 | c5.1.0.2498 |
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.