vulnerability
QNAP QTS: CVE-2023-39300: Vulnerability in Legacy Versions of QTS
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:M/C:C/I:C/A:C) | Sep 7, 2024 | Aug 4, 2025 | Mar 25, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:M/C:C/I:C/A:C)
Published
Sep 7, 2024
Added
Aug 4, 2025
Modified
Mar 25, 2026
Description
An OS command injection vulnerability has been reported to affect legacy versions of QTS. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands on the operating system through an application's input.
Solution
qnap-qts-upgrade-latest
References
- CWE-78
- CVE-2023-39300
- https://attackerkb.com/topics/CVE-2023-39300
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39300
- https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2023-39300
- https://www.qnap.com/en-uk/security-advisory/QSA-24-26
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2023-43032
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.