Security Vulnerabilities - CVEs Published In December 2023
A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. It has been rated as critical. This issue affects the function setDdnsCfg/setDynamicRoute/setFirewallType/setIPSecCfg/setIpPortFilterRules/setLancfg/setLoginPasswordCfg/setMacFilterRules/setMtknatCfg/setNetworkConfig/setPortForwardRules/setRemoteCfg/setSSServer/setScheduleCfg/setSmartQosCfg/setStaticDhcpRules/setStaticRoute/setVpnAccountCfg/setVpnPassCfg/setVpnUser/setWiFiAclAddConfig/setWiFiEasyGuestCfg/setWiFiGuestCfg/setWiFiRepeaterConfig/setWiFiScheduleCfg/setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247247. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.11
Published
2023-12-08
In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able to observe the behavior of the subsequent switch conditional with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.5
EPSS Score
0.002
Published
2023-12-08
In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.5
EPSS Score
0.003
Published
2023-12-08
there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-12-08
there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-12-08
there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-12-08
In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-08
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.0.1.2514 build 20230906 and later
QTS 5.1.2.2533 build 20230926 and later
QuTS hero h5.0.1.2515 build 20230907 and later
QuTS hero h5.1.2.2534 build 20230927 and later
CVSS Score
4.9
EPSS Score
0.001
Published
2023-12-08
CVE-2023-47565
An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QVR Firmware 5.0.0 and later
Known exploited
CVSS Score
8.0
EPSS Score
0.793
Published
2023-12-08
In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.9
EPSS Score
0.002
Published
2023-12-08