CVE-2023-39294

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jan 5, 2024

Updated: Jan 11, 2024

CWE ID 78

Summary

CVE-2023-39294 is an OS command injection vulnerability that affects several QNAP operating system versions. This issue enables authenticated administrators to execute commands via a network, posing a significant security risk. The vulnerability has been addressed in QTS 5.1.3.2578 build 20231110 and later, as well as QuTS hero h5.1.3.2578 build 20231110 and later. Users are strongly urged to update their systems to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

QNAP QTS

Affected Vendors

QNAP Systems

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sIary6
https://www.cve.org/CVERecord?id=CVE-2023-39294
https://nvd.nist.gov/vuln/detail/CVE-2023-39294

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Threats to the 2025 NATO Summit

Know What Matters

For Customers

For Partners