CVE-2023-39300

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later

Published: Sep 6, 2024
Updated: May 4, 2025
CVE: CVE-2023-39300
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
qnap / qts	4.3.6.1831-build_20211019	4.3.6.1831-build_20211019.x
qnap / qts	4.3.6.1750-build_20210730	4.3.6.1750-build_20210730.x
qnap / qts	4.3.6.1711-build_20210621	4.3.6.1711-build_20210621.x
qnap / qts	4.3.6.1663-build_20210504	4.3.6.1663-build_20210504.x
qnap / qts	4.3.6.2050-build_20220526	4.3.6.2050-build_20220526.x
qnap / qts	4.3.6.1965-build_20220302	4.3.6.1965-build_20220302.x
qnap / qts	4.3.6.1033-build_20190813	4.3.6.1033-build_20190813.x
qnap / qts	4.3.6.1070-build_20190919	4.3.6.1070-build_20190919.x
qnap / qts	4.3.6.1154-build_20191212	4.3.6.1154-build_20191212.x
qnap / qts	4.3.6.1218-build_20200214	4.3.6.1218-build_20200214.x
qnap / qts	4.3.6.1263-build_20200330	4.3.6.1263-build_20200330.x
qnap / qts	4.3.6.1286-build_20200422	4.3.6.1286-build_20200422.x
qnap / qts	4.3.6.1333-build_20200608	4.3.6.1333-build_20200608.x
qnap / qts	4.3.6.1411-build_20200825	4.3.6.1411-build_20200825.x
qnap / qts	4.3.6.1446-build_20200929	4.3.6.1446-build_20200929.x
qnap / qts	4.3.6.1620-build_20210322	4.3.6.1620-build_20210322.x
qnap / qts	4.3.6.2232-build_20221124	4.3.6.2232-build_20221124.x
qnap / qts	4.3.6.1907-build_20220103	4.3.6.1907-build_20220103.x
qnap / qts	4.3.6.0907-build_20190409	4.3.6.0907-build_20190409.x
qnap / qts	4.3.6.0895-build_20190328	4.3.6.0895-build_20190328.x
qnap / qts	4.3.6.2441-build_20230621	4.3.6.2441-build_20230621.x
qnap / qts	4.3.6.2665-build_20240131	4.3.6.2665-build_20240131.x
qnap / qts	4.3.6.0923-build_20190425	4.3.6.0923-build_20190425.x
qnap / qts	4.3.6.0944-build_20190516	4.3.6.0944-build_20190516.x
qnap / qts	4.3.6.0959-build_20190531	4.3.6.0959-build_20190531.x
qnap / qts	4.3.6.0979-build_20190620	4.3.6.0979-build_20190620.x
qnap / qts	4.3.6.0993-build_20190704	4.3.6.0993-build_20190704.x
qnap / qts	4.3.6.1013-build_20190724	4.3.6.1013-build_20190724.x
qnap / qts	4.3.4.2242-build_20221124	4.3.4.2242-build_20221124.x
qnap / qts	4.3.4.2107-build_20220712	4.3.4.2107-build_20220712.x
qnap / qts	4.3.4.1976-build_20220303	4.3.4.1976-build_20220303.x
qnap / qts	4.3.4.1652-build_20210413	4.3.4.1652-build_20210413.x
qnap / qts	4.3.4.1632-build_20210324	4.3.4.1632-build_20210324.x
qnap / qts	4.3.4.1463-build_20201006	4.3.4.1463-build_20201006.x
qnap / qts	4.3.4.1417-build_20200821	4.3.4.1417-build_20200821.x
qnap / qts	4.3.4.1368-build_20200703	4.3.4.1368-build_20200703.x
qnap / qts	4.3.4.1282-build_20200408	4.3.4.1282-build_20200408.x
qnap / qts	4.3.4.1190-build_20200107	4.3.4.1190-build_20200107.x
qnap / qts	4.3.4.1082-build_20190921	4.3.4.1082-build_20190921.x
qnap / qts	4.3.4.1029-build_20190730	4.3.4.1029-build_20190730.x
qnap / qts	4.3.4.0899-build_20190322	4.3.4.0899-build_20190322.x
qnap / qts	4.3.4.2451-build_20230621	4.3.4.2451-build_20230621.x
qnap / qts	4.3.4.2675-build_20240131	4.3.4.2675-build_20240131.x
qnap / qts	4.3.3.2211-build_20221124	4.3.3.2211-build_20221124.x
qnap / qts	4.3.3.2057-build_20220623	4.3.3.2057-build_20220623.x
qnap / qts	4.3.3.1945-build_20220303	4.3.3.1945-build_20220303.x
qnap / qts	4.3.3.1864-build_20211212	4.3.3.1864-build_20211212.x
qnap / qts	4.3.3.1799-build_20211008	4.3.3.1799-build_20211008.x
qnap / qts	4.3.3.1693-build_20210624	4.3.3.1693-build_20210624.x
qnap / qts	4.3.3.1677-build_20210608	4.3.3.1677-build_20210608.x
qnap / qts	4.3.3.1624-build_20210416	4.3.3.1624-build_20210416.x
qnap / qts	4.3.3.1432-build_20201006	4.3.3.1432-build_20201006.x
qnap / qts	4.3.3.1386-build_20200821	4.3.3.1386-build_20200821.x
qnap / qts	4.3.3.1315-build_20200611	4.3.3.1315-build_20200611.x
qnap / qts	4.3.3.1252-build_20200409	4.3.3.1252-build_20200409.x
qnap / qts	4.3.3.1161-build_20200109	4.3.3.1161-build_20200109.x
qnap / qts	4.3.3.1098-build_20191107	4.3.3.1098-build_20191107.x
qnap / qts	4.3.3.1051-build_20190921	4.3.3.1051-build_20190921.x
qnap / qts	4.3.3.0998-build_20190730	4.3.3.0998-build_20190730.x
qnap / qts	4.3.3.0868-build_20190322	4.3.3.0868-build_20190322.x
qnap / qts	4.3.3.0174-build_20170503	4.3.3.0174-build_20170503.x
qnap / qts	4.3.3.2420-build_20230621	4.3.3.2420-build_20230621.x
qnap / qts	4.3.3.2644-build_20240131	4.3.3.2644-build_20240131.x
qnap / qts	4.2.6-build_20170517	4.2.6-build_20170517.x
qnap / qts	4.2.6-build_20190322	4.2.6-build_20190322.x
qnap / qts	4.2.6-build_20190730	4.2.6-build_20190730.x
qnap / qts	4.2.6-build_20190921	4.2.6-build_20190921.x
qnap / qts	4.2.6-build_20191107	4.2.6-build_20191107.x
qnap / qts	4.2.6-build_20200109	4.2.6-build_20200109.x
qnap / qts	4.2.6-build_20200421	4.2.6-build_20200421.x
qnap / qts	4.2.6-build_20200611	4.2.6-build_20200611.x
qnap / qts	4.2.6-build_20200821	4.2.6-build_20200821.x
qnap / qts	4.2.6-build_20210327	4.2.6-build_20210327.x
qnap / qts	4.2.6-build_20211215	4.2.6-build_20211215.x
qnap / qts	4.2.6-build_20221028	4.2.6-build_20221028.x
qnap / qts	4.2.6-build_20220623	4.2.6-build_20220623.x
qnap / qts	4.2.6-build_20220304	4.2.6-build_20220304.x
qnap / qts	4.2.6-build_20230621	4.2.6-build_20230621.x
qnap / qts	4.2.6-build_20240131	4.2.6-build_20240131.x

https://www.qnap.com/en/security-advisory/qsa-24-26

Vulnerability Database

289,599

CVE-2023-39300