vulnerability

QNAP QTS: CVE-2023-23359: Vulnerabilities in QTS, QuTS hero and QuTScloud

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	Sep 16, 2023	Aug 4, 2025	Oct 16, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

Sep 16, 2023

Added

Aug 4, 2025

Modified

Oct 16, 2025

Description

Two out-of-bounds write vulnerabilities have been reported to affect multiple QNAP operating systems. If exploited, the vulnerabilities allow authenticated users to launch a denial-of-service (DoS) attack via network vector. We have already fixed the vulnerability in the following operating system versions: QTS 5.0.1.2346 build 20230322 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2348 build 20230324 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later

Solution

qnap-qts-upgrade-latest

References

CVE-2023-23359
https://attackerkb.com/topics/CVE-2023-23359
URL-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23359
URL-https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-23359
URL-https://www.qnap.com/en-uk/security-advisory/QSA-23-19

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today