CVE-2023-50358

CWE-78OS Command Injection6 documents5 sources
Severity
5.8MEDIUM
EPSS
1.8%
top 17.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Qnap Systems Inc. QTSQnap Systems Inc. Quts HeroQnap Systems Inc. Qutscloud+3 more
Timeline
PublishedFeb 13

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QTS 4.3.6.2665 build 20240131 and later QTS 4.3.4.2675 build 20240131 and later QTS 4.3.3.2644 build 20240131 and later QTS 4.2.6 build 20240131 and later QuTS h

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:LExploitability: 1.6 | Impact: 3.7

Affected Packages6 packages

CVEListV5qnap_systems_inc./quts_heroh5.xh5.1.5.2647 build 20240118+1
NVDqnap/quts_heroh4.5.0h4.5.4.2626+3
CVEListV5qnap_systems_inc./qutscloudc5.xc5.1.5.2651
NVDqnap/qutscloudc5.0.0.1919c5.1.5.2651
CVEListV5qnap_systems_inc./qts5.x5.1.5.2645 build 20240116+5

🔴Vulnerability Details

3
CVEList
QTS, QuTS hero, QuTScloud2024-02-13
GHSA
GHSA-975j-m6j8-qh4v: An OS command injection vulnerability has been reported to affect several QNAP operating system versions2024-02-13
VulnCheck
QNAP QTS Command Injection2023

🕵️Threat Intelligence

2
Unit42
New Vulnerability in QNAP QTS Firmware: CVE-2023-503582024-02-13
Unit42
New Vulnerability in QNAP QTS Firmware: CVE-2023-503582024-02-13
CVE-2023-50358 (MEDIUM CVSS 5.8) | An OS command injection vulnerabili | cvebase.io