QNAP has released security advisories to address command injection vulnerabilities in multiple QNAP operating system versions. Tracked as CVE-2023-23368 and CVE-2023-23369, the vulnerabilities are rated as critical with a CVSS score of 9.8 and 9, respectively. Successful exploitation of the vulnerabilities may allow a remote attacker to execute commands via a network.
QNAP QTS provides advanced drive analysis and RAID disc replacement that protects your data delegated administration to reduce management workload. QTS comes with an SMB multichannel for improved performance and fault-tolerant connections.
- QTS 5.0.x
- QTS 4.5.x
- QuTS hero h5.0.x
- QuTS hero h4.5.x
- QuTScloud c5.0.x
- QTS 5.1.x
- QTS 4.3.6
- QTS 4.3.4
- QTS 4.3.3
- QTS 4.2.x
- Multimedia Console 2.1.x
- Multimedia Console 1.4.x
- Media Streaming add-on 500.1.x
- Media Streaming add-on 500.0.x
- QuTScloud c220.127.116.114 and later
- QTS 18.104.22.1686 build 20230421 and later
- QTS 22.214.171.1244 build 20230416 and later
- QuTS hero h126.96.36.1996 build 20230421 and later
- QuTS hero h188.8.131.524 build 20230417 and later
- QTS 184.108.40.2069 build 20230515 and later
- QTS 220.127.116.111 build 20230621 and later
- QTS 18.104.22.1681 build 20230621 and later
- QTS 22.214.171.1240 build 20230621 and later
- QTS 4.2.6 build 20230621 and later
- Multimedia Console 2.1.2 (2023/05/04) and later
- Multimedia Console 1.4.8 (2023/05/05) and later
- Media Streaming add-on 500.1.1.2 (2023/06/12) and later
- Media Streaming add-on 500.0.0.11 (2023/06/16) and later
Qualys customers can scan their devices with QIDs 730968 and 730969 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.