An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 20240606 and later
References
Link | Resource |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-32 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
17 Sep 2024, 16:54
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:qnap:quts_hero:h4.5.4.1971:build_20220310:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.1813:build_20211006:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.2626:build_20231225:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.1723:build_20210708:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.2627:build_20231225:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.2117:build_20220802:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.1991:build_20220330:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.2374:build_20230417:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.1787:build_20210910:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.2476:build_20230728:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.1892:build_20211223:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.1800:build_20210923:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.1931:build_20220128:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.2467:build_20230718:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.1741:build_20210726:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.2374:build_20230416:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.2272:build_20230105:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.2052:build_20220530:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.1892:build_20211223:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.1951:build_20220218:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.1848:build_20211109:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.2217:build_20221111:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.2012:build_20220419:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.1771:build_20210825:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.2280:build_20230112:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.1800:build_20210923:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.5.4.1715:build_20210630:*:*:*:*:*:* cpe:2.3:o:qnap:quts_hero:h4.5.4.2138:build_20220824:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
First Time |
Qnap qts
Qnap quts Hero Qnap |
|
References | () https://www.qnap.com/en/security-advisory/qsa-24-32 - Vendor Advisory |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-06 17:15
Updated : 2024-09-17 16:54
NVD link : CVE-2023-34979
Mitre link : CVE-2023-34979
CVE.ORG link : CVE-2023-34979
JSON object : View
Products Affected
qnap
- qts
- quts_hero
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')