CVSS 3.1 Score 5.3 of 10 (medium)


Published Feb 2, 2024
Updated: Feb 6, 2024
CWE ID 287


CVE-2023-39303 is an improper authentication vulnerability that affects multiple versions of QNAP operating systems. This vulnerability, if exploited, could allow an attacker to compromise the system's security through a network. The affected products include tyi1-g, tyCUYA, vAoQ5C, vAoQ5D, vAoQ4a, tyCUXw, vAoQ4Y, vAoQ4Z, tyCUXx, vAoQ4c, vAoQ4d, uGKRNb, tyi1-c, tyi1-d, tyi1-e, and tyi1-f. To remediate this vulnerability, users need to update their systems to the fixed versions: QTS build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later. The potential danger posed to organizations includes unauthorized access and compromise of their systems' security integrity with a medium severity rating and low confidentiality impact as per the Common Vulnerability Scoring System (CVSS) version 3.1 assessment provided by [email protected].


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-39303 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options