Vulnerability CVE-2023-47565


Published: 2023-12-08   Modified: 2023-12-14

Description:
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.

We have already fixed the vulnerability in the following versions:

QVR Firmware 5.0.0 and later

Type:

CWE-78

(Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') )

Affected software
QNAP -> Qvr firmware 

 References:
https://www.qnap.com/en/security-advisory/qsa-23-48

Copyright 2024, cxsecurity.com

 

Back to Top