CVE-2023-47567

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.

We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later

Published: Feb 2, 2024
Updated: Feb 9, 2024
CVE: CVE-2023-47567
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-78

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
qnap / qts	5.1.0.2348-build_20230325	5.1.0.2348-build_20230325.x
qnap / qts	4.5.4.2280-build_20230112	4.5.4.2280-build_20230112.x
qnap / qts	4.5.4.2117-build_20220802	4.5.4.2117-build_20220802.x
qnap / qts	4.5.4.2012-build_20220419	4.5.4.2012-build_20220419.x
qnap / qts	4.5.4.1931-build_20220128	4.5.4.1931-build_20220128.x
qnap / qts	4.5.4.1800-build_20210923	4.5.4.1800-build_20210923.x
qnap / qts	4.5.4.1787-build_20210910	4.5.4.1787-build_20210910.x
qnap / qts	4.5.4.1741-build_20210726	4.5.4.1741-build_20210726.x
qnap / qts	4.5.4.1723-build_20210708	4.5.4.1723-build_20210708.x
qnap / qts	4.5.4.1715-build_20210630	4.5.4.1715-build_20210630.x
qnap / qts	4.5.4.1892-build_20211223	4.5.4.1892-build_20211223.x
qnap / quts_hero	h4.5.4.2272-build_20230105	h4.5.4.2272-build_20230105.x
qnap / quts_hero	h4.5.4.2217-build_20221111	h4.5.4.2217-build_20221111.x
qnap / quts_hero	h4.5.4.2138-build_20220824	h4.5.4.2138-build_20220824.x
qnap / quts_hero	h4.5.4.2052-build_20220530	h4.5.4.2052-build_20220530.x
qnap / quts_hero	h4.5.4.1991-build_20220330	h4.5.4.1991-build_20220330.x
qnap / quts_hero	h4.5.4.1971-build_20220310	h4.5.4.1971-build_20220310.x
qnap / quts_hero	h4.5.4.1951-build_20220218	h4.5.4.1951-build_20220218.x
qnap / quts_hero	h4.5.4.1892-build_20211223	h4.5.4.1892-build_20211223.x
qnap / quts_hero	h4.5.4.1848-build_20211109	h4.5.4.1848-build_20211109.x
qnap / quts_hero	h4.5.4.1813-build_20211006	h4.5.4.1813-build_20211006.x
qnap / quts_hero	h4.5.4.1800-build_20210923	h4.5.4.1800-build_20210923.x
qnap / quts_hero	h4.5.4.1771-build_20210825	h4.5.4.1771-build_20210825.x
qnap / qts	5.1.0.2418-build_20230603	5.1.0.2418-build_20230603.x
qnap / qts	5.1.0.2399-build_20230515	5.1.0.2399-build_20230515.x
qnap / qts	4.5.4.2374-build_20230416	4.5.4.2374-build_20230416.x
qnap / quts_hero	h5.1.0.2409-build_20230525	h5.1.0.2409-build_20230525.x
qnap / quts_hero	h4.5.4.2374-build_20230417	h4.5.4.2374-build_20230417.x
qnap / qts	5.1.0.2466-build_20230721	5.1.0.2466-build_20230721.x
qnap / qts	5.1.1.2491-build_20230815	5.1.1.2491-build_20230815.x
qnap / qts	5.1.0.2444-build_20230629	5.1.0.2444-build_20230629.x
qnap / quts_hero	h5.1.1.2488-build_20230812	h5.1.1.2488-build_20230812.x
qnap / quts_hero	h5.1.0.2466-build_20230721	h5.1.0.2466-build_20230721.x
qnap / quts_hero	h5.1.0.2453-build_20230708	h5.1.0.2453-build_20230708.x
qnap / quts_hero	h5.1.0.2424-build_20230609	h5.1.0.2424-build_20230609.x
qnap / qts	5.1.3.2578-build_20231110	5.1.3.2578-build_20231110.x
qnap / qts	5.1.2.2533-build_20230926	5.1.2.2533-build_20230926.x
qnap / quts_hero	h5.1.3.2578-build_20231110	h5.1.3.2578-build_20231110.x
qnap / quts_hero	h5.1.2.2534-build_20230927	h5.1.2.2534-build_20230927.x
qnap / qutscloud	c5.1.0.2498-build_20230822	c5.1.0.2498-build_20230822.x
qnap / quts_hero	h5.1.4.2596-build_20231128	h5.1.4.2596-build_20231128.x
qnap / qts	5.1.5.2645	5.1.5.2645.x
qnap / qts	5.1.4.2596-build_20231128	5.1.4.2596-build_20231128.x
qnap / quts_hero	h5.1.5.2647	h5.1.5.2647.x
qnap / qts	4.5.4.2627	4.5.4.2627.x
qnap / quts_hero	h4.5.4.2476-build_20230728	h4.5.4.2476-build_20230728.x
qnap / quts_hero	h4.5.4.2626	h4.5.4.2626.x

https://www.qnap.com/en/security-advisory/qsa-24-05

Vulnerability Database

289,599

CVE-2023-47567