CVE-2023-47565

Legacy VioStor NVR

CVSS 8 HIGHEPSS 73.3%● KEVCWE-78

In short

A security flaw in QNAP VioStor NVR devices allows users who have logged in to run unauthorized commands on the system. This is dangerous because it can give attackers full control over the device and any data it stores.

Technical detail

OS command injection vulnerability in QNAP QVR Firmware 4.x affects legacy VioStor NVR models. Authenticated users can execute arbitrary OS commands via network, potentially achieving remote code execution and system compromise. Fixed in QVR Firmware 5.0.0 and later.

Summary generated and translated by AI from the official description.

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

QNAP Systems Inc. · VioStor NVR

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-47565 https://www.qnap.com/en/security-advisory/qsa-23-48