A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.

We have already fixed the vulnerability in the following versions:
QuFirewall 2.3.3 ( 2023/03/27 ) and later
and later

Related CVEs

CVE-2023-23356

Key Information

GHSA ID

GHSA-7q2m-5cgc-3v5r

Published

December 19, 2024 3:30 AM

Last Modified

December 19, 2024 3:30 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: July 1, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.