An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
References
Link | Resource |
---|---|
https://www.qnap.com/en/security-advisory/qsa-24-26 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
24 Sep 2024, 16:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.qnap.com/en/security-advisory/qsa-24-26 - Vendor Advisory | |
CPE | cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2441:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2644:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2675:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2420:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.2665:build_20240131:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.4.2451:build_20230621:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:* cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:* |
|
First Time |
Qnap qts
Qnap |
09 Sep 2024, 13:03
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
06 Sep 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-09-06 17:15
Updated : 2024-09-24 16:42
NVD link : CVE-2023-39300
Mitre link : CVE-2023-39300
CVE.ORG link : CVE-2023-39300
JSON object : View
Products Affected
qnap
- qts
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')