vulnerability
QNAP QTS/QuTS hero: CVE-2023-50358: Unauthenticated Command Injection
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:A/AC:M/Au:N/C:P/I:P/A:P) | Feb 13, 2024 | Apr 8, 2025 | Apr 17, 2025 |
Severity
5
CVSS
(AV:A/AC:M/Au:N/C:P/I:P/A:P)
Published
Feb 13, 2024
Added
Apr 8, 2025
Modified
Apr 17, 2025
Description
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
Solution
qnap-qts-cve-2023-50358
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.