vulnerability
QNAP QTS: CVE-2023-23367: Vulnerability in QTS, QuTS hero, and QuTScloud
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:P/I:P/A:P) | Nov 11, 2023 | Aug 4, 2025 | Mar 25, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:P/I:P/A:P)
Published
Nov 11, 2023
Added
Aug 4, 2025
Modified
Mar 25, 2026
Description
An OS command injection vulnerability has been reported to affect several QNAP operating systems. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
Solution
qnap-qts-upgrade-latest
References
- CWE-78
- CVE-2023-23367
- https://attackerkb.com/topics/CVE-2023-23367
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23367
- https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-23367
- https://www.qnap.com/en-uk/security-advisory/QSA-23-24
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-27467
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.