CVE-2023-50358
published 2024-02-13CVE-2023-50358: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to…
PriorityP179medium5.8CVSS 3.1
AVAACHPRNUINSCCLILAL
ITWVulnCheck KEV
Exploited in the wild
EPSS
12.77%
95.8th percentile
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | — | — |
| qnap | qts | — | — |
| qnap | qts | — | — |
| qnap | qts | >= 4.2.0 < 4.2.6 | 4.2.6 |
| qnap | qts | >= 4.3.0 < 4.3.3.2644 | 4.3.3.2644 |
| qnap | qts | >= 4.3.4 < 4.3.4.2675 | 4.3.4.2675 |
| qnap | qts | >= 4.3.5 < 4.3.6.2665 | 4.3.6.2665 |
| qnap | qts | >= 4.5.1 < 4.5.4.2627 | 4.5.4.2627 |
| qnap | qts | >= 5.1.0 < 5.1.5.2645 | 5.1.5.2645 |
| qnap | quts_hero | — | — |
| qnap | quts_hero | — | — |
| qnap | quts_hero | >= h4.5.0 < h4.5.4.2626 | h4.5.4.2626 |
| qnap | quts_hero | >= h5.0.0 < h5.1.5.2647 | h5.1.5.2647 |
| qnap | qutscloud | >= c5.0.0.1919 < c5.1.5.2651 | c5.1.5.2651 |
| qnap_systems_inc | qts | >= 4.2.x < 4.2.6 build 20240131 | 4.2.6 build 20240131 |
| qnap_systems_inc | qts | >= 4.3.4 < 4.3.4.2675 build 20240131 | 4.3.4.2675 build 20240131 |
| qnap_systems_inc | qts | >= 4.3.6, 4.3.5 < 4.3.6.2665 build 20240131 | 4.3.6.2665 build 20240131 |
| qnap_systems_inc | qts | >= 4.3.x < 4.3.3.2644 build 20240131 | 4.3.3.2644 build 20240131 |
| qnap_systems_inc | qts | >= 4.5.x, 4.4.x < 4.5.4.2627 build 20231225 | 4.5.4.2627 build 20231225 |
| qnap_systems_inc | qts | >= 5.x < 5.1.5.2645 build 20240116 | 5.1.5.2645 build 20240116 |
| qnap_systems_inc | quts_hero | >= h4.x < h4.5.4.2626 build 20231225 | h4.5.4.2626 build 20231225 |
| qnap_systems_inc | quts_hero | >= h5.x < h5.1.5.2647 build 20240118 | h5.1.5.2647 build 20240118 |
| qnap_systems_inc | qutscloud | >= c5.x < c5.1.5.2651 | c5.1.5.2651 |
Detection & IOCsextracted from sources · hover to see the quote
- →The vulnerable endpoint is quick.cgi, accessible without authentication. Monitor for HTTP requests to /cgi-bin/quick/quick.cgi — an HTTP 200 (empty page) response indicates a vulnerable device, while HTTP 404 indicates it is not vulnerable. ↗
- →Exploitation is triggered via the HTTP request parameter todo=set_timeinfo with a malicious value in the SPECIFIC_SERVER parameter. Inspect POST/GET requests to quick.cgi for this parameter combination containing shell metacharacters. ↗
- →The injected command is ultimately executed via system() after being read from the NTP Address entry in quick_tmp.conf. Alert on unexpected child processes spawned from the quick.cgi or ntpdate process on QNAP devices. ↗
- →During a one-week period in mid-January 2024, vulnerable QNAP NAS devices were detected from 289,665 separate IP addresses globally. Prioritize scanning/blocking externally exposed QNAP NAS devices. ↗
- ·No authentication is required to reach the vulnerable quick.cgi endpoint, meaning any network-reachable attacker can exploit this vulnerability without credentials. ↗
CVSS provenance
nvdv3.15.8MEDIUMCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
vulncheck5.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-975j-m6j8-qh4v: An OS command injection vulnerability has been reported to affect several QNAP operating system versions
ghsa_unreviewed·2024-02-13
CVE-2023-50358 [MEDIUM] CWE-78 GHSA-975j-m6j8-qh4v: An OS command injection vulnerability has been reported to affect several QNAP operating system versions
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.5.2645 build 20240116 and later
QTS 4.5.4.2627 build 20231225 and later
QTS 4.3.6.2665 build 20240131 and later
QTS 4.3.4.2675 build 20240131 and later
QTS 4.3.3.2644 build 20240131 and later
QTS 4.2.6 build 20240131 and later
QuTS hero h5.1.5.2647 build 20240118 and later
QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.1.5.2651 and later
VulnCheck
QNAP QTS Command Injection
vulncheck·2023·CVSS 5.8
CVE-2023-50358 [MEDIUM] QNAP QTS Command Injection
QNAP QTS Command Injection
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
Affected: QNAP QTS
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-05-16&host_type=src&vulnerability=cve-2023-50358; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-05-30&host_type=src&vulnerability=cve-2023-50358; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-06-25&host_type=src&vulnerabi
No detection rules found.
No public exploits indexed.
Unit42
TOTOLINK X6000R: Three New Vulnerabilities Uncovered
blogs_unit42·2025-10-01·CVSS 7.0
CVE-2025-52905 [HIGH] TOTOLINK X6000R: Three New Vulnerabilities Uncovered
Threat Research Center
Threat Research
Vulnerabilities
## TOTOLINK X6000R: Three New Vulnerabilities Uncovered
Zhibin Zhang
Published: October 1, 2025
Threat Research
Vulnerabilities
CVE-2025-52905
CVE-2025-52906
CVE-2025-52907
IoT Vulnerability
Remote Code Execution
## Executive Summary
We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025:
CVE
Rating
Score
Description
CVE-2025-52905
High
CVSS-B 7.0
An argument injection flaw that attackers can use to trigger a denial of service (DoS), crashing the router or overwhelming remote servers.
CVE-2025-52906
Critical
CVSS-B 9.3
An unauthenticated command injection vulnerability that allows attackers to remotely execute arbit
Unit42
TOTOLINK X6000R: Three New Vulnerabilities Uncovered
blogs_unit42·2025-10-01·CVSS 7.0
CVE-2025-52905 [HIGH] TOTOLINK X6000R: Three New Vulnerabilities Uncovered
## Executive Summary
We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025:
CVE
Rating
Score
Description
CVE-2025-52905
High
CVSS-B 7.0
An argument injection flaw that attackers can use to trigger a denial of service (DoS), crashing the router or overwhelming remote servers.
CVE-2025-52906
Critical
CVSS-B 9.3
An unauthenticated command injection vulnerability that allows attackers to remotely execute arbitrary commands on the device.
CVE-2025-52907
High
CVSS-B 7.3
A security bypass that attackers can exploit to corrupt system files, cause a persistent denial-of-service, or achieve arbitrary file writes. Chaining attacks could lead to remote code execution (RCE).
TOTOLINK is a manufacturer of
Unit42
New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
blogs_unit42·2024-02-13·CVSS 5.8
CVE-2023-50358 [MEDIUM] New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
Threat Research Center
Threat Research
Vulnerabilities
## New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
Chao Lei
Jeff Luo
Zhibin Zhang
Published: February 13, 2024
Threat Research
Vulnerabilities
CVE-2023-50358
IoT
IoT Vulnerability
QNAP Network Attached Storage
## Executive Summary
This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. Our Advanced Threat Prevention (ATP) and telemetry systems provided indicators of a previously unknown vulnerability in QNAP QTS and QuTS hero firmware. We provided our findings to the vendor, and QNAP has assigned the tracking ID CVE-2023-50358 to this new vulnerability. We also offer recommendations on how to defend against this newly-revealed threat.
QNAP is
Unit42
New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
blogs_unit42·2024-02-13·CVSS 5.8
CVE-2023-50358 [MEDIUM] New Vulnerability in QNAP QTS Firmware: CVE-2023-50358
## Executive Summary
This article provides technical analysis on a zero-day vulnerability affecting QNAP Network Attached Storage (NAS) devices. Our Advanced Threat Prevention (ATP) and telemetry systems provided indicators of a previously unknown vulnerability in QNAP QTS and QuTS hero firmware. We provided our findings to the vendor, and QNAP has assigned the tracking ID CVE-2023-50358 to this new vulnerability. We also offer recommendations on how to defend against this newly-revealed threat.
QNAP is an acronym for Quality Network Appliance Provider. This acronym is the name for a company that specializes in various products, including operating systems for NAS devices. One such operating system is the QNAP Turbo NAS System (QTS). This QTS code is often embedded in the firmware of QNA
https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032https://www.qnap.com/en/security-advisory/qsa-23-57https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213941-1032https://www.qnap.com/en/security-advisory/qsa-23-57
2024-02-13
Published
Exploited in the wild