CVE-2023-23367
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTScloud c5.1.0.2498 and later
| Software | From | Fixed in |
|---|---|---|
| qnap / qts | 5.0.1.2346-build_20230322 | 5.0.1.2346-build_20230322.x |
| qnap / qts | 5.0.1.2277-build_20230112 | 5.0.1.2277-build_20230112.x |
| qnap / qts | 5.0.1.2248-build_20221215 | 5.0.1.2248-build_20221215.x |
| qnap / qts | 5.0.1.2234-build_20221201 | 5.0.1.2234-build_20221201.x |
| qnap / qts | 5.0.1.2194-build_20221022 | 5.0.1.2194-build_20221022.x |
| qnap / qts | 5.0.1.2173-build_20221001 | 5.0.1.2173-build_20221001.x |
| qnap / qts | 5.0.1.2145-build_20220903 | 5.0.1.2145-build_20220903.x |
| qnap / qts | 5.0.1.2137-build_20220826 | 5.0.1.2137-build_20220826.x |
| qnap / qts | 5.0.1.2131-build_20220820 | 5.0.1.2131-build_20220820.x |
| qnap / qts | 5.0.1.2079-build_20220629 | 5.0.1.2079-build_20220629.x |
| qnap / qts | 5.0.1.2034-build_20220515 | 5.0.1.2034-build_20220515.x |
| qnap / qts | 5.0.0.1870-build_20211201 | 5.0.0.1870-build_20211201.x |
| qnap / qts | 5.0.0.1858-build_20211119 | 5.0.0.1858-build_20211119.x |
| qnap / qts | 5.0.0.1853-build_20211114 | 5.0.0.1853-build_20211114.x |
| qnap / qts | 5.0.0.1850-build_20211111 | 5.0.0.1850-build_20211111.x |
| qnap / qts | 5.0.0.1837-build_20211029 | 5.0.0.1837-build_20211029.x |
| qnap / qts | 5.0.0.1828-build_20211020 | 5.0.0.1828-build_20211020.x |
| qnap / qts | 5.0.0.1808-build_20211001 | 5.0.0.1808-build_20211001.x |
| qnap / qts | 5.0.0.1785-build_20210908 | 5.0.0.1785-build_20210908.x |
| qnap / qts | 5.0.0.1716-build_20210701 | 5.0.0.1716-build_20210701.x |
| qnap / quts_hero | h5.0.1.2348-build_20230324 | h5.0.1.2348-build_20230324.x |
| qnap / quts_hero | h5.0.1.2277-build_20230112 | h5.0.1.2277-build_20230112.x |
| qnap / quts_hero | h5.0.1.2269-build_20230104 | h5.0.1.2269-build_20230104.x |
| qnap / quts_hero | h5.0.1.2248-build_20221215 | h5.0.1.2248-build_20221215.x |
| qnap / quts_hero | h5.0.1.2192-build_20221020 | h5.0.1.2192-build_20221020.x |
| qnap / quts_hero | h5.0.1.2045-build_20220526 | h5.0.1.2045-build_20220526.x |
| qnap / quts_hero | h5.0.0.2120-build_20220804 | h5.0.0.2120-build_20220804.x |
| qnap / quts_hero | h5.0.0.2069-build_20220614 | h5.0.0.2069-build_20220614.x |
| qnap / quts_hero | h5.0.0.2022-build_20220428 | h5.0.0.2022-build_20220428.x |
| qnap / quts_hero | h5.0.0.1986-build_20220324 | h5.0.0.1986-build_20220324.x |
| qnap / quts_hero | h5.0.0.1949-build_20220215 | h5.0.0.1949-build_20220215.x |
| qnap / quts_hero | h5.0.0.1900-build_20211228 | h5.0.0.1900-build_20211228.x |
| qnap / quts_hero | h5.0.0.1892-build_20211222 | h5.0.0.1892-build_20211222.x |
| qnap / quts_hero | h5.0.0.1856-build_20211117 | h5.0.0.1856-build_20211117.x |
| qnap / quts_hero | h5.0.0.1844-build_20211105 | h5.0.0.1844-build_20211105.x |
| qnap / quts_hero | h5.0.0.1772-build_20210826 | h5.0.0.1772-build_20210826.x |
| qnap / qutscloud | c5.0.1.2148-build_20220905 | c5.0.1.2148-build_20220905.x |
| qnap / qutscloud | c5.0.1.2044-build_20220524 | c5.0.1.2044-build_20220524.x |
| qnap / qutscloud | c5.0.1.1998-build_20220408 | c5.0.1.1998-build_20220408.x |
| qnap / qutscloud | c5.0.1.1949-build_20220218 | c5.0.1.1949-build_20220218.x |
| qnap / qutscloud | c5.0.1.2374-build_20230419 | c5.0.1.2374-build_20230419.x |
| qnap / qutscloud | c5.0.0.1919-build_20220119 | c5.0.0.1919-build_20220119.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime