CVE-2023-23355 Information

Description

A vulnerability has been reported to affect multiple QNAP operating systems. If exploited the vulnerability allows remote authenticated users to execute arbitrary commands via susceptible QNAP devices. The vulnerability affects the following QNAP operating systems: QTS QuTS hero QuTScloud QVP (QVR Pro appliances) QVR. We have already fixed the vulnerability in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QuTS hero h5.0.1.2348 build 20230324 and later

Reference

https://www.qnap.com/en/security-advisory/qsa-23-10