Vulnerability — CVE-2023-47218

CVE-2023-47218

Reference to the description:: https://nvd.nist.gov/vuln/detail/CVE-2023-47218
Description:: An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later
Last updated date:: 02/15/2024

ACTIVELY EXPLOITED

Type:: exploitation
Confidence:: HIGH
Date of publishing:: 09/18/2024
Reference url to background: https://media.defense.gov/2024/Sep/18/2003547016/-1/-1/1/CSA-PRC-LINKED-ACTORS-BOTNET.PDF

Type:: exploit
Confidence:: HIGH
Date of publishing:: 02/15/2024
Reference url to background: https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/qnap_qts_rce_cve_2023_47218.rb