← Zuruck zu CVEs
CVE-2023-47565
HIGHCISA KEV8.0
Beschreibung
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later
CVE Details
CVSS v3.1 Bewertung8.0
SchweregradHIGH
CVSS VektorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorADJACENT_NETWORK
KomplexitatLOW
Erforderliche PrivilegienLOW
BenutzerinteraktionNONE
Veroffentlicht12/8/2023
Zuletzt geandert2/26/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerQNAP
ProduktVioStor NVR
SchwachstellennameQNAP VioStor NVR OS Command Injection Vulnerability
KEV Aufnahmedatum2023-12-21
Behebungsfrist2024-01-11
Ransomware-NutzungUnknown
Betroffene Produkte
qnap:qvr_firmware
Schwachen (CWE)
CWE-78CWE-78
Referenzen
https://www.qnap.com/en/security-advisory/qsa-23-48(security@qnapsecurity.com.tw)
https://www.qnap.com/en/security-advisory/qsa-23-48(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-47565(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.