An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices.

We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2376 build 20230421 and later
QTS 4.5.4.2374 build 20230416 and later
QuTS hero h5.0.1.2376 build 20230421 and later
QuTS hero h4.5.4.2374 build 20230417 and later
QuTScloud c5.0.1.2374 and later

Related CVEs

CVE-2023-23362

Key Information

GHSA ID

GHSA-vw76-r5h7-p4w9

Published

September 22, 2023 6:30 AM

Last Modified

April 4, 2024 7:48 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 30, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.