CVE-2023-47220

CWE-78OS Command Injection3 documents3 sources
Severity
6.6MEDIUM
EPSS
0.1%
top 66.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems Inc. Media Streaming Add-onQnap Media Streaming Add-on
Timeline
PublishedMay 3

Description

An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:LExploitability: 2.3 | Impact: 3.7

Affected Packages2 packages

NVDqnap/media_streaming_add-on500.1.1.0500.1.1.5
CVEListV5qnap_systems_inc./media_streaming_add-on500.1.x500.1.1.5 ( 2024/01/22 )

🔴Vulnerability Details

2
GHSA
GHSA-q5v5-v9rx-98qf: An OS command injection vulnerability has been reported to affect Media Streaming add-on2024-05-03
CVEList
Media Streaming add-on2024-05-03
CVE-2023-47220 (MEDIUM CVSS 6.6) | An OS command injection vulnerabili | cvebase.io