CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-47565

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later

Exploit prediction scoring system (EPSS) score

EPSS Score 0.805

EPSS Ranking 99.1%

CVSS Severity

CVSS v3 Score 8.0

Proposed Action

QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.

Ransomware Campaign

Unknown

References

https://www.qnap.com/en/security-advisory/qsa-23-48
https://www.qnap.com/en/security-advisory/qsa-23-48

Products affected by CVE-2023-47565

Qnap » Qvr Firmware » Version: 4.0.0

cpe:2.3:o:qnap:qvr_firmware:4.0.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-47565

Products

Pricing

Contact Us