CVE-2023-23368

Summary

CVE: CVE-2023-23368
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-11-03 17:15:00 UTC
Updated: 2023-11-15 16:28:00 UTC
Description: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions:

  • QTS 5.0.1.2376 build 20230421 and later
  • QTS 4.5.4.2374 build 20230416 and later
  • QuTS hero h5.0.1.2376 build 20230421 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

Risk And Classification

Problem Types: CWE-78

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Qnap | Qts | 4.5.4 | - | All | All
Operating System | Qnap | Qts | 4.5.4.1715 | build_20210630 | All | All
Operating System | Qnap | Qts | 4.5.4.1723 | build_20210708 | All | All
Operating System | Qnap | Qts | 4.5.4.1741 | build_20210726 | All | All
Operating System | Qnap | Qts | 4.5.4.1787 | build_20210910 | All | All
Operating System | Qnap | Qts | 4.5.4.1800 | build_20210923 | All | All
Operating System | Qnap | Qts | 4.5.4.1892 | build_20211223 | All | All
Operating System | Qnap | Qts | 4.5.4.1931 | build_20220128 | All | All
Operating System | Qnap | Qts | 4.5.4.2012 | build_20220419 | All | All
Operating System | Qnap | Qts | 4.5.4.2117 | build_20220802 | All | All
Operating System | Qnap | Qts | 4.5.4.2280 | build_20230112 | All | All
Operating System | Qnap | Qts | 5.0.1 | - | All | All
Operating System | Qnap | Qts | 5.0.1.2034 | build_20220515 | All | All
Operating System | Qnap | Qts | 5.0.1.2079 | build_20220629 | All | All
Operating System | Qnap | Qts | 5.0.1.2131 | build_20220820 | All | All
Operating System | Qnap | Qts | 5.0.1.2137 | build_20220826 | All | All
Operating System | Qnap | Qts | 5.0.1.2145 | build_20220903 | All | All
Operating System | Qnap | Qts | 5.0.1.2173 | build_20221001 | All | All
Operating System | Qnap | Qts | 5.0.1.2194 | build_20221022 | All | All
Operating System | Qnap | Qts | 5.0.1.2234 | build_20221201 | All | All
Operating System | Qnap | Qts | 5.0.1.2248 | build_20221215 | All | All
Operating System | Qnap | Qts | 5.0.1.2277 | build_20230112 | All | All
Operating System | Qnap | Qts | 5.0.1.2346 | build_20230322 | All | All
Operating System | Qnap | Qutscloud | c5.0.1.1949 | build_20220218 | All | All
Operating System | Qnap | Qutscloud | c5.0.1.1998 | build_20220408 | All | All
Operating System | Qnap | Qutscloud | c5.0.1.2044 | build_20220524 | All | All
Operating System | Qnap | Qutscloud | c5.0.1.2148 | build_20220905 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1771 | build_20210825 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1800 | build_20210923 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1813 | build_20211006 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1848 | build_20211109 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1892 | build_20211223 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1951 | build_20220218 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1971 | build_20220310 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.1991 | build_20220330 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.2052 | build_20220530 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.2138 | build_20220824 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.2217 | build_20221111 | All | All
Operating System | Qnap | Quts Hero | h4.5.4.2272 | build_20230105 | All | All
Operating System | Qnap | Quts Hero | h5.0.1.2045 | build_20220526 | All | All
Operating System | Qnap | Quts Hero | h5.0.1.2192 | build_20221020 | All | All
Operating System | Qnap | Quts Hero | h5.0.1.2248 | build_20221215 | All | All
Operating System | Qnap | Quts Hero | h5.0.1.2269 | build_20230104 | All | All
Operating System | Qnap | Quts Hero | h5.0.1.2277 | build_20230112 | All | All
Operating System | Qnap | Quts Hero | h5.0.1.2348 | build_20230324 | All | All

References

  • Vulnerability in QTS, QuTS hero, and QuTScloud - Security Advisory | QNAP (source: MISC; link: www.qnap.com)
  • CVE Program record (source: CVE.ORG; link: www.cve.org; tags: canonical)
  • NVD vulnerability detail (source: NVD; link: nvd.nist.gov; tags: canonical, analysis)

Legacy QID Mappings

  • 730968 QNAP QTS Command Injection Vulnerability (QSA-23-31)