Qnap Multimedia Console vulnerabilities

CVE-2023-23369 [CRITICAL] CWE-77 CVE-2023-23369: An OS command injection vulnerability has been reported to affect several QNAP operating system vers An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.2 ( 2023/05/04 ) and later Multimedia Console 1.4.8 ( 2023/05/05 ) a

CVE-2023-23364 [HIGH] CWE-120 CVE-2023-23364: A buffer copy without checking size of input vulnerability has been reported to affect QNAP operatin A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4

CVE-2021-38684 [HIGH] CWE-787 CVE-2021-38684: A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Consol A stack buffer overflow vulnerability has been reported to affect QNAP NAS running Multimedia Console. If exploited, this vulnerability allows attackers to execute arbitrary code. We have already fixed this vulnerability in the following versions of Multimedia Console: Multimedia Console 1.4.3 ( 2021/10/05 ) and later Multimedia Console 1.5.3 ( 2021/1

CVE-2020-36195 [CRITICAL] CWE-20 CVE-2020-36195: An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or th An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia Console and the Media Streaming add-on. QTS 4.3.3:

CVE-2020-2493 [MEDIUM] CWE-79 CVE-2020-2493: This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject mali This cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code. QANP have already fixed this vulnerability in Multimedia Console 1.1.5 and later.