Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-45038

CWE-287 — Improper Authentication5 documents5 sources

Severity

8.8HIGH

EPSS

8.5%

top 7.61%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Qnap Systems Inc. Music Station Qnap Music Station

Timeline

PublishedSep 6

Description

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5qnap_systems_inc./music_station5.4.x — 5.4.0

▶NVDqnap/music_station5.0.0 — 5.4.0

🔴Vulnerability Details

CVEList

Music Station↗2024-09-06

▶

GHSA

GHSA-mp4c-v3vm-qr7w: An improper authentication vulnerability has been reported to affect Music Station↗2024-09-06

▶

VulnCheck

QNAP music_station Improper Authentication↗2023

▶

💥Exploits & PoCs

Nuclei

QNAP Music Station < 5.4.0 - Authentication Bypass

▶