cbcvebase.
CVE-2023-47220
published 2024-05-03

CVE-2023-47220: An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated…

PriorityP339medium6.6CVSS 3.1
AVNACLPRHUINSCCLILAL
EPSS
1.19%
64.1th percentile
An OS command injection vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later

Affected

2 ranges
VendorProductVersion rangeFixed in
qnapmedia_streaming_add-on>= 500.1.1.0 < 500.1.1.5500.1.1.5
qnap_systems_incmedia_streaming_add-on>= 500.1.x < 500.1.1.5 ( 2024/01/22 )500.1.1.5 ( 2024/01/22 )
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.