← Back to CVEs
CVE-2023-47565
HIGHCISA KEV8.0
Description
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later
CVE Details
CVSS v3.1 Score8.0
SeverityHIGH
CVSS VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorADJACENT_NETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published12/8/2023
Last Modified2/26/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorQNAP
ProductVioStor NVR
Vulnerability NameQNAP VioStor NVR OS Command Injection Vulnerability
KEV Date Added2023-12-21
Remediation Due Date2024-01-11
Ransomware UseUnknown
Affected Products
qnap:qvr_firmware
Weaknesses (CWE)
CWE-78CWE-78
References
https://www.qnap.com/en/security-advisory/qsa-23-48(security@qnapsecurity.com.tw)
https://www.qnap.com/en/security-advisory/qsa-23-48(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-47565(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.