An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-26 |
![]() ![]() |
History
Tue, 24 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2420:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2644:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2451:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2675:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2441:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2665:build_20240131:*:*:*:*:*:* |
Fri, 06 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Qnap
Qnap qts |
|
CPEs | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | |
Vendors & Products |
Qnap
Qnap qts |
|
Metrics |
ssvc
|
Fri, 06 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later | |
Title | QTS | |
Weaknesses | CWE-78 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: qnap
Published:
Updated: 2024-09-06T17:44:00.200Z
Reserved: 2023-07-27T06:46:01.477Z
Link: CVE-2023-39300

Updated: 2024-09-06T17:39:21.412Z

Status : Analyzed
Published: 2024-09-06T17:15:12.070
Modified: 2024-09-24T16:42:02.873
Link: CVE-2023-39300

No data.

No data.