← Voltar para CVEs
CVE-2023-47565
HIGHCISA KEV8.0
Descricao
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later
Detalhes CVE
Pontuacao CVSS v3.18.0
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueADJACENT_NETWORK
ComplexidadeLOW
Privilegios necessariosLOW
Interacao do usuarioNONE
Publicado12/8/2023
Ultima modificacao2/26/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorQNAP
ProdutoVioStor NVR
Nome da vulnerabilidadeQNAP VioStor NVR OS Command Injection Vulnerability
Data inclusao KEV2023-12-21
Prazo de remediacao2024-01-11
Uso em ransomwareUnknown
Produtos afetados
qnap:qvr_firmware
Fraquezas (CWE)
CWE-78CWE-78
Referencias
https://www.qnap.com/en/security-advisory/qsa-23-48(security@qnapsecurity.com.tw)
https://www.qnap.com/en/security-advisory/qsa-23-48(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-47565(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.