An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
References
Link | Providers |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-26 |
History
Tue, 24 Sep 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | |
Fri, 06 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Qnap, Qnap qts | |
CPEs | cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:* | |
Vendors & Products | Qnap, Qnap qts | |
Metrics | ssvc |
Fri, 06 Sep 2024 16:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later | |
Title | QTS | |
Weaknesses | CWE-78 | |
References | | |
Metrics | cvssV3_1 |
MITRE
Status: PUBLISHED
Assigner: qnap
Published: 2024-09-06T16:27:04.275Z
Updated: 2024-09-06T17:44:00.200Z
Reserved: 2023-07-27T06:46:01.477Z
Link: CVE-2023-39300
Vulnrichment
Updated: 2024-09-06T17:39:21.412Z
NVD
Status: Analyzed
Published: 2024-09-06T17:15:12.070
Modified: 2024-09-24T16:42:02.873
Link: CVE-2023-39300
Redhat
No data.