// For flags

CVE-2023-23369

QTS, Multimedia Console, and Media Streaming add-on

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.

We have already fixed the vulnerability in the following versions:
Multimedia Console 2.1.2 ( 2023/05/04 ) and later
Multimedia Console 1.4.8 ( 2023/05/05 ) and later
QTS 5.1.0.2399 build 20230515 and later
QTS 4.3.6.2441 build 20230621 and later
QTS 4.3.4.2451 build 20230621 and later
QTS 4.3.3.2420 build 20230621 and later
QTS 4.2.6 build 20230621 and later
Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

Se ha informado que una vulnerabilidad de inyección de comandos del sistema operativo afecta a varias versiones del sistema operativo QNAP. Si se explota, la vulnerabilidad podría permitir a los usuarios ejecutar comandos a través de una red. Ya hemos solucionado la vulnerabilidad en las siguientes versiones: Multimedia Console 2.1.2 ( 2023/05/04 ) y posteriores Multimedia Console 1.4.8 ( 2023/05/05 ) y posteriores QTS 5.1.0.2399 build 20230515 y posteriores QTS 4.3.6.2441 build 20230621 y posteriores QTS 4.3.4.2451 build 20230621 y posteriores QTS 4.3.3.2420 build 20230621 y posteriores QTS 4.2.6 build 20230621 y posteriores Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) y posteriores Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) y posteriores

*Credits: Eqqie
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-01-11 CVE Reserved
  • 2023-11-03 CVE Published
  • 2024-08-02 CVE Updated
  • 2024-11-09 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
  • CAPEC-88: OS Command Injection
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
5.1.0.2348
Search vendor "Qnap" for product "Qts" and version "5.1.0.2348"
build_20230325
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.0895
Search vendor "Qnap" for product "Qts" and version "4.3.6.0895"
build_20190328
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.0907
Search vendor "Qnap" for product "Qts" and version "4.3.6.0907"
build_20190409
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.0923
Search vendor "Qnap" for product "Qts" and version "4.3.6.0923"
build_20190425
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.0944
Search vendor "Qnap" for product "Qts" and version "4.3.6.0944"
build_20190516
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.0959
Search vendor "Qnap" for product "Qts" and version "4.3.6.0959"
build_20190531
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.0979
Search vendor "Qnap" for product "Qts" and version "4.3.6.0979"
build_20190620
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.0993
Search vendor "Qnap" for product "Qts" and version "4.3.6.0993"
build_20190704
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1013
Search vendor "Qnap" for product "Qts" and version "4.3.6.1013"
build_20190724
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1033
Search vendor "Qnap" for product "Qts" and version "4.3.6.1033"
build_20190813
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1070
Search vendor "Qnap" for product "Qts" and version "4.3.6.1070"
build_20190919
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1154
Search vendor "Qnap" for product "Qts" and version "4.3.6.1154"
build_20191212
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1218
Search vendor "Qnap" for product "Qts" and version "4.3.6.1218"
build_20200214
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1263
Search vendor "Qnap" for product "Qts" and version "4.3.6.1263"
build_20200330
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1286
Search vendor "Qnap" for product "Qts" and version "4.3.6.1286"
build_20200422
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1333
Search vendor "Qnap" for product "Qts" and version "4.3.6.1333"
build_20200608
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1411
Search vendor "Qnap" for product "Qts" and version "4.3.6.1411"
build_20200825
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1446
Search vendor "Qnap" for product "Qts" and version "4.3.6.1446"
build_20200929
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1620
Search vendor "Qnap" for product "Qts" and version "4.3.6.1620"
build_20210322
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1663
Search vendor "Qnap" for product "Qts" and version "4.3.6.1663"
build_20210504
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1711
Search vendor "Qnap" for product "Qts" and version "4.3.6.1711"
build_20210621
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1750
Search vendor "Qnap" for product "Qts" and version "4.3.6.1750"
build_20210730
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1831
Search vendor "Qnap" for product "Qts" and version "4.3.6.1831"
build_20211019
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1907
Search vendor "Qnap" for product "Qts" and version "4.3.6.1907"
build_20220103
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.1965
Search vendor "Qnap" for product "Qts" and version "4.3.6.1965"
build_20220302
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.2050
Search vendor "Qnap" for product "Qts" and version "4.3.6.2050"
build_20220526
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.6.2232
Search vendor "Qnap" for product "Qts" and version "4.3.6.2232"
build_20221124
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.0899
Search vendor "Qnap" for product "Qts" and version "4.3.4.0899"
build_20190322
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1029
Search vendor "Qnap" for product "Qts" and version "4.3.4.1029"
build_20190730
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1082
Search vendor "Qnap" for product "Qts" and version "4.3.4.1082"
build_20190921
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1190
Search vendor "Qnap" for product "Qts" and version "4.3.4.1190"
build_20200107
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1282
Search vendor "Qnap" for product "Qts" and version "4.3.4.1282"
build_20200408
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1368
Search vendor "Qnap" for product "Qts" and version "4.3.4.1368"
build_20200703
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1417
Search vendor "Qnap" for product "Qts" and version "4.3.4.1417"
build_20200821
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1463
Search vendor "Qnap" for product "Qts" and version "4.3.4.1463"
build_20201006
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1632
Search vendor "Qnap" for product "Qts" and version "4.3.4.1632"
build_20210324
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1652
Search vendor "Qnap" for product "Qts" and version "4.3.4.1652"
build_20210413
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.1976
Search vendor "Qnap" for product "Qts" and version "4.3.4.1976"
build_20220303
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.2107
Search vendor "Qnap" for product "Qts" and version "4.3.4.2107"
build_20220712
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.4.2242
Search vendor "Qnap" for product "Qts" and version "4.3.4.2242"
build_20221124
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.0174
Search vendor "Qnap" for product "Qts" and version "4.3.3.0174"
build_20170503
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.0868
Search vendor "Qnap" for product "Qts" and version "4.3.3.0868"
build_20190322
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.0998
Search vendor "Qnap" for product "Qts" and version "4.3.3.0998"
build_20190730
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1051
Search vendor "Qnap" for product "Qts" and version "4.3.3.1051"
build_20190921
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1098
Search vendor "Qnap" for product "Qts" and version "4.3.3.1098"
build_20191107
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1161
Search vendor "Qnap" for product "Qts" and version "4.3.3.1161"
build_20200109
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1252
Search vendor "Qnap" for product "Qts" and version "4.3.3.1252"
build_20200409
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1315
Search vendor "Qnap" for product "Qts" and version "4.3.3.1315"
build_20200611
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1386
Search vendor "Qnap" for product "Qts" and version "4.3.3.1386"
build_20200821
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1432
Search vendor "Qnap" for product "Qts" and version "4.3.3.1432"
build_20201006
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1624
Search vendor "Qnap" for product "Qts" and version "4.3.3.1624"
build_20210416
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1677
Search vendor "Qnap" for product "Qts" and version "4.3.3.1677"
build_20210608
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1693
Search vendor "Qnap" for product "Qts" and version "4.3.3.1693"
build_20210624
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1799
Search vendor "Qnap" for product "Qts" and version "4.3.3.1799"
build_20211008
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1864
Search vendor "Qnap" for product "Qts" and version "4.3.3.1864"
build_20211212
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.1945
Search vendor "Qnap" for product "Qts" and version "4.3.3.1945"
build_20220303
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.2057
Search vendor "Qnap" for product "Qts" and version "4.3.3.2057"
build_20220623
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.3.3.2211
Search vendor "Qnap" for product "Qts" and version "4.3.3.2211"
build_20221124
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20170517
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20190322
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20190730
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20190921
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20191107
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20200109
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20200421
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20200611
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20200821
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20210327
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20211215
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20220304
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20220623
Affected
Qnap
Search vendor "Qnap"
Qts
Search vendor "Qnap" for product "Qts"
4.2.6
Search vendor "Qnap" for product "Qts" and version "4.2.6"
build_20221028
Affected
Qnap
Search vendor "Qnap"
Multimedia Console
Search vendor "Qnap" for product "Multimedia Console"
2.1.0
Search vendor "Qnap" for product "Multimedia Console" and version "2.1.0"
-
Affected
Qnap
Search vendor "Qnap"
Multimedia Console
Search vendor "Qnap" for product "Multimedia Console"
2.1.1
Search vendor "Qnap" for product "Multimedia Console" and version "2.1.1"
-
Affected
Qnap
Search vendor "Qnap"
Multimedia Console
Search vendor "Qnap" for product "Multimedia Console"
1.4.3
Search vendor "Qnap" for product "Multimedia Console" and version "1.4.3"
-
Affected
Qnap
Search vendor "Qnap"
Multimedia Console
Search vendor "Qnap" for product "Multimedia Console"
1.4.4
Search vendor "Qnap" for product "Multimedia Console" and version "1.4.4"
-
Affected
Qnap
Search vendor "Qnap"
Multimedia Console
Search vendor "Qnap" for product "Multimedia Console"
1.4.5
Search vendor "Qnap" for product "Multimedia Console" and version "1.4.5"
-
Affected
Qnap
Search vendor "Qnap"
Multimedia Console
Search vendor "Qnap" for product "Multimedia Console"
1.4.6
Search vendor "Qnap" for product "Multimedia Console" and version "1.4.6"
-
Affected
Qnap
Search vendor "Qnap"
Multimedia Console
Search vendor "Qnap" for product "Multimedia Console"
1.4.7
Search vendor "Qnap" for product "Multimedia Console" and version "1.4.7"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.1.1.0
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.1.1.0"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.1.1.1
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.1.1.1"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.0
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.0"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.1
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.1"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.3
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.3"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.4
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.4"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.5
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.5"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.6
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.6"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.7
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.7"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.8
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.8"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.9
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.9"
-
Affected
Qnap
Search vendor "Qnap"
Media Streaming Add-on
Search vendor "Qnap" for product "Media Streaming Add-on"
500.0.0.10
Search vendor "Qnap" for product "Media Streaming Add-on" and version "500.0.0.10"
-
Affected