Home

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later

PUBLISHED Reserved 2023-06-08 | Published 2023-10-13 | Updated 2026-01-12 | Assigner qnap




MEDIUM: 6.6CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

Problem types

CWE-78

Product status

Default status
unaffected

h4.5.x (custom) before h4.5.4.2626 build 20231225
affected

Default status
unaffected

4.5.x (custom) before 4.5.4.2627 build 20231225
affected

Default status
unaffected

c5.x.x (custom) before 4.5.4.2627 build 20231225
unaffected

Credits

Tyaoo、0x14 finder

References

www.qnap.com/en/security-advisory/qsa-24-12

www.qnap.com/en/security-advisory/qsa-24-12

cve.org (CVE-2023-34975)

nvd.nist.gov (CVE-2023-34975)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.