CVE-2023-23368
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later
| Software | From | Fixed in |
|---|---|---|
| qnap / qts | 5.0.1.2346-build_20230322 | 5.0.1.2346-build_20230322.x |
| qnap / qts | 5.0.1.2277-build_20230112 | 5.0.1.2277-build_20230112.x |
| qnap / qts | 5.0.1.2248-build_20221215 | 5.0.1.2248-build_20221215.x |
| qnap / qts | 5.0.1.2234-build_20221201 | 5.0.1.2234-build_20221201.x |
| qnap / qts | 5.0.1.2194-build_20221022 | 5.0.1.2194-build_20221022.x |
| qnap / qts | 5.0.1.2173-build_20221001 | 5.0.1.2173-build_20221001.x |
| qnap / qts | 5.0.1.2145-build_20220903 | 5.0.1.2145-build_20220903.x |
| qnap / qts | 5.0.1.2137-build_20220826 | 5.0.1.2137-build_20220826.x |
| qnap / qts | 5.0.1.2131-build_20220820 | 5.0.1.2131-build_20220820.x |
| qnap / qts | 5.0.1.2079-build_20220629 | 5.0.1.2079-build_20220629.x |
| qnap / qts | 5.0.1.2034-build_20220515 | 5.0.1.2034-build_20220515.x |
| qnap / qts | 5.0.1 | 5.0.1.x |
| qnap / qts | 4.5.4.2280-build_20230112 | 4.5.4.2280-build_20230112.x |
| qnap / qts | 4.5.4.2117-build_20220802 | 4.5.4.2117-build_20220802.x |
| qnap / qts | 4.5.4.2012-build_20220419 | 4.5.4.2012-build_20220419.x |
| qnap / qts | 4.5.4.1931-build_20220128 | 4.5.4.1931-build_20220128.x |
| qnap / qts | 4.5.4.1800-build_20210923 | 4.5.4.1800-build_20210923.x |
| qnap / qts | 4.5.4.1787-build_20210910 | 4.5.4.1787-build_20210910.x |
| qnap / qts | 4.5.4.1741-build_20210726 | 4.5.4.1741-build_20210726.x |
| qnap / qts | 4.5.4.1723-build_20210708 | 4.5.4.1723-build_20210708.x |
| qnap / qts | 4.5.4.1715-build_20210630 | 4.5.4.1715-build_20210630.x |
| qnap / qts | 4.5.4.1892-build_20211223 | 4.5.4.1892-build_20211223.x |
| qnap / qts | 4.5.4 | 4.5.4.x |
| qnap / quts_hero | h5.0.1.2348-build_20230324 | h5.0.1.2348-build_20230324.x |
| qnap / quts_hero | h5.0.1.2277-build_20230112 | h5.0.1.2277-build_20230112.x |
| qnap / quts_hero | h5.0.1.2269-build_20230104 | h5.0.1.2269-build_20230104.x |
| qnap / quts_hero | h5.0.1.2248-build_20221215 | h5.0.1.2248-build_20221215.x |
| qnap / quts_hero | h5.0.1.2192-build_20221020 | h5.0.1.2192-build_20221020.x |
| qnap / quts_hero | h5.0.1.2045-build_20220526 | h5.0.1.2045-build_20220526.x |
| qnap / quts_hero | h4.5.4.2272-build_20230105 | h4.5.4.2272-build_20230105.x |
| qnap / quts_hero | h4.5.4.2217-build_20221111 | h4.5.4.2217-build_20221111.x |
| qnap / quts_hero | h4.5.4.2138-build_20220824 | h4.5.4.2138-build_20220824.x |
| qnap / quts_hero | h4.5.4.2052-build_20220530 | h4.5.4.2052-build_20220530.x |
| qnap / quts_hero | h4.5.4.1991-build_20220330 | h4.5.4.1991-build_20220330.x |
| qnap / quts_hero | h4.5.4.1971-build_20220310 | h4.5.4.1971-build_20220310.x |
| qnap / quts_hero | h4.5.4.1951-build_20220218 | h4.5.4.1951-build_20220218.x |
| qnap / quts_hero | h4.5.4.1892-build_20211223 | h4.5.4.1892-build_20211223.x |
| qnap / quts_hero | h4.5.4.1848-build_20211109 | h4.5.4.1848-build_20211109.x |
| qnap / quts_hero | h4.5.4.1813-build_20211006 | h4.5.4.1813-build_20211006.x |
| qnap / quts_hero | h4.5.4.1800-build_20210923 | h4.5.4.1800-build_20210923.x |
| qnap / quts_hero | h4.5.4.1771-build_20210825 | h4.5.4.1771-build_20210825.x |
| qnap / qutscloud | c5.0.1.2148-build_20220905 | c5.0.1.2148-build_20220905.x |
| qnap / qutscloud | c5.0.1.2044-build_20220524 | c5.0.1.2044-build_20220524.x |
| qnap / qutscloud | c5.0.1.1998-build_20220408 | c5.0.1.1998-build_20220408.x |
| qnap / qutscloud | c5.0.1.1949-build_20220218 | c5.0.1.1949-build_20220218.x |
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime