CVE-2023-39300

An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2805 build 20240619 and later QTS 4.3.4.2814 build 20240618 and later QTS 4.3.3.2784 build 20240619 and later QTS 4.2.6 build 20240618 and later
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2441:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2665:build_20240131:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2451:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2675:build_20240131:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2420:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2644:build_20240131:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20240131:*:*:*:*:*:*

History

24 Sep 2024, 16:42

Type Values Removed Values Added
References () https://www.qnap.com/en/security-advisory/qsa-24-26 - () https://www.qnap.com/en/security-advisory/qsa-24-26 - Vendor Advisory
CPE cpe:2.3:o:qnap:qts:4.3.6.1333:build_20200608:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1282:build_20200408:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1446:build_20200929:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1368:build_20200703:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1218:build_20200214:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0923:build_20190425:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0895:build_20190328:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1386:build_20200821:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20211215:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1677:build_20210608:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2441:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1161:build_20200109:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20191107:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1417:build_20200821:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1632:build_20210324:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1750:build_20210730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1190:build_20200107:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2644:build_20240131:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200821:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1799:build_20211008:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1082:build_20190921:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1864:build_20211212:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2232:build_20221124:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0959:build_20190531:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20190730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1432:build_20201006:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0907:build_20190409:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20190322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2675:build_20240131:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0868:build_20190322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2420:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1652:build_20210413:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2050:build_20220526:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0944:build_20190516:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1013:build_20190724:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20220623:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1620:build_20210322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1624:build_20210416:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1663:build_20210504:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1411:build_20200825:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1051:build_20190921:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.0899:build_20190322:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1070:build_20190919:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20190921:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1907:build_20220103:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1463:build_20201006:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1154:build_20191212:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1263:build_20200330:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1033:build_20190813:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200109:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1098:build_20191107:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20170517:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2211:build_20221124:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1029:build_20190730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.2057:build_20220623:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200421:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1693:build_20210624:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1286:build_20200422:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0979:build_20190620:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1945:build_20220303:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20200611:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1831:build_20211019:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2242:build_20221124:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.1976:build_20220303:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2107:build_20220712:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1252:build_20200409:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20220304:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1965:build_20220302:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20210327:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20240131:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.2.6:build_20221028:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.1315:build_20200611:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.0993:build_20190704:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.2665:build_20240131:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.4.2451:build_20230621:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0174:build_20170503:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.3.0998:build_20190730:*:*:*:*:*:*
cpe:2.3:o:qnap:qts:4.3.6.1711:build_20210621:*:*:*:*:*:*
First Time Qnap qts
Qnap

09 Sep 2024, 13:03

Type Values Removed Values Added
Summary
  • (es) Se ha informado de una vulnerabilidad de inyección de comandos del sistema operativo que afecta a la versión anterior de QTS. Si se explota, la vulnerabilidad podría permitir que los administradores autenticados ejecuten comandos a través de una red. Ya hemos corregido la vulnerabilidad en las siguientes versiones: QTS 4.3.6.2805, compilación 20240619 y posteriores QTS 4.3.4.2814, compilación 20240618 y posteriores QTS 4.3.3.2784, compilación 20240619 y posteriores QTS 4.2.6, compilación 20240618 y posteriores

06 Sep 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-06 17:15

Updated : 2024-09-24 16:42


NVD link : CVE-2023-39300

Mitre link : CVE-2023-39300

CVE.ORG link : CVE-2023-39300


JSON object : View

Products Affected

qnap

  • qts
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')