CVE-2023-34980— QTS, QuTS hero

CVSS 5.9 · Medium EPSS 0.05% · P15 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-34980

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

QTS, QuTS hero

Source: NVD (National Vulnerability Database)

Vulnerability Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2627 build 20231225 and later QuTS hero h4.5.4.2626 build 20231225 and later

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

OS命令中使用的特殊元素转义处理不恰当(OS命令注入)

Source: NVD (National Vulnerability Database)

Vulnerability Title

QNAP Systems 多款产品安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

QNAP Systems QTS和QNAP Systems QuTS hero都是中国威联通科技（QNAP Systems）公司的产品。QNAP Systems QTS是一个入门到中阶QNAP NAS 使用的操作系统。QNAP Systems QuTS hero是一个操作系统。 QNAP Systems 多款产品存在安全漏洞，该漏洞源于存在操作系统命令注入漏洞。以下产品及版本受到影响：QTS，QuTS hero。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
QNAP Systems Inc.	QTS	4.5.x ~ 4.5.4.2627 build 20231225	-
QNAP Systems Inc.	QuTS hero	h4.5.x ~ h4.5.4.2626 build 20231225	-

II. Public POCs for CVE-2023-34980

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-34980

请登录查看更多情报信息。

Same Patch Batch · QNAP Systems Inc. · 2024-03-08 · 6 CVEs total

CVE-2024-21899	9.8 CRITICAL	QTS, QuTS hero, QuTScloud
CVE-2023-47221	5.5 MEDIUM	Photo Station
CVE-2023-32969	4.9 MEDIUM	Network & Virtual Switch
CVE-2024-21901	4.7 MEDIUM	myQNAPcloud
CVE-2024-21900	4.3 MEDIUM	QTS, QuTS hero, QuTScloud

IV. Related Vulnerabilities

Same product: QTS

Same vendor: QNAP Systems Inc.

Same weakness: CWE-78

V. Comments for CVE-2023-34980

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-34980— QTS, QuTS hero

I. Basic Information for CVE-2023-34980

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-34980

III. Intelligence Information for CVE-2023-34980

Same Patch Batch · QNAP Systems Inc. · 2024-03-08 · 6 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-34980

Leave a comment