Description
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Affected products
- QNAP Systems Inc. / QTS5.0.x – 5.0.1.2376 build 20230421
- QNAP Systems Inc. / QuTScloudc5.x.x – c5.1.0.2498
- QNAP Systems Inc. / QuTS heroh5.0.x – h5.0.1.2376 build 20230421