Title: Critical OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution

Title: Critical OS Command Injection Vulnerability in QNAP Operating Systems Allows Remote Command Execution

CVE-2023-39294 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later

Learn more about our Network Penetration Testing.