A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
We have already fixed the vulnerability in the following versions:
QuFirewall 2.3.3 ( 2023/03/27 ) and later
and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-23-14 |
![]() ![]() |
History
Tue, 24 Dec 2024 01:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 19 Dec 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later | |
Title | QuFirewall | |
Weaknesses | CWE-77 CWE-78 |
|
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: qnap
Published: 2024-12-19T01:39:15.645Z
Updated: 2024-12-24T00:41:02.334Z
Reserved: 2023-01-11T20:15:53.084Z
Link: CVE-2023-23356

Updated: 2024-12-24T00:31:37.392Z

Status : Received
Published: 2024-12-19T02:15:21.863
Modified: 2024-12-19T02:15:21.863
Link: CVE-2023-23356

No data.