CVE-2023-39296

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to override existing attributes with ones that have incompatible type, which may lead to a crash via a network.

We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later

Published: Jan 5, 2024
Updated: Jan 12, 2024
CVE: CVE-2023-39296
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-1321

Affected Software
References

Software	From	Fixed in
qnap / qts	5.1.0.2348-build_20230325	5.1.0.2348-build_20230325.x
qnap / qts	5.1.0.2418-build_20230603	5.1.0.2418-build_20230603.x
qnap / qts	5.1.0.2399-build_20230515	5.1.0.2399-build_20230515.x
qnap / qts	5.1.0.2466-build_20230721	5.1.0.2466-build_20230721.x
qnap / qts	5.1.1.2491-build_20230815	5.1.1.2491-build_20230815.x
qnap / qts	5.1.0.2444-build_20230629	5.1.0.2444-build_20230629.x
qnap / qts	5.1.2.2533-build_20230926	5.1.2.2533-build_20230926.x
qnap / quts_hero	h5.1.0.2409-build_20230525	h5.1.0.2409-build_20230525.x
qnap / quts_hero	h5.1.1.2488-build_20230812	h5.1.1.2488-build_20230812.x
qnap / quts_hero	h5.1.0.2466-build_20230721	h5.1.0.2466-build_20230721.x
qnap / quts_hero	h5.1.0.2453-build_20230708	h5.1.0.2453-build_20230708.x
qnap / quts_hero	h5.1.0.2424-build_20230609	h5.1.0.2424-build_20230609.x
qnap / quts_hero	h5.1.2.2534-build_20230927	h5.1.2.2534-build_20230927.x

https://www.qnap.com/en/security-advisory/qsa-23-64

Vulnerability Database

289,697

CVE-2023-39296