Qnap Qufirewall vulnerabilities
3 known vulnerabilities affecting qnap/qufirewall.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2023-23356HIGHCVSS 7.2fixed in 2.3.32024-12-19
CVE-2023-23356 [MEDIUM] CWE-77 CVE-2023-23356: A command injection vulnerability has been reported to affect several QNAP operating system versions
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QuFirewall 2.3.3 ( 2023/03/27 ) and later
and later
nvd
CVE-2023-41290MEDIUMCVSS 4.9v2.4.02024-04-26
CVE-2023-41290 [MEDIUM] CWE-22 CVE-2023-41290: A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerabili
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
QuFirewall 2.4.1 ( 2024/02/01 ) and later
nvd
CVE-2023-41291MEDIUMCVSS 4.9fixed in 2.4.12024-04-26
CVE-2023-41291 [MEDIUM] CWE-22 CVE-2023-41291: A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerabili
A path traversal vulnerability has been reported to affect QuFirewall. If exploited, the vulnerability could allow authenticated administrators to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following version:
QuFirewall 2.4.1 ( 2024/02/01 ) and later
nvd