VYPR
Unrated severityNVD Advisory· Published Nov 3, 2023· Updated Sep 5, 2024

QTS, QuTS hero, QuTScloud

CVE-2023-39301

Description

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.

We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Qnap/Qtsllm-fuzzy
    Range: <5.0.1.2514 build 20230906 or <5.1.1.2491 build 20230815
  • Qnap/Quts Herollm-fuzzy
    Range: <h5.0.1.2515 build 20230907 or <h5.1.1.2488 build 20230812
  • Qnap/QuTScloudllm-fuzzy
    Range: <c5.1.0.2498
  • QNAP Systems Inc./QTSv5
    Range: 5.0.x
  • QNAP Systems Inc./QuTScloudv5
    Range: c5.x.x
  • QNAP Systems Inc./QuTS herov5
    Range: h5.0.x

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.