CVE-2023-39300 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
qnap	CNA	7.2 HIGH	NETWORK	LOW	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
qnap	qts	4.3.6.0895:build_20190328
qnap	qts	4.3.6.0907:build_20190409
qnap	qts	4.3.6.0923:build_20190425
qnap	qts	4.3.6.0944:build_20190516
qnap	qts	4.3.6.0959:build_20190531
qnap	qts	4.3.6.0979:build_20190620
qnap	qts	4.3.6.0993:build_20190704
qnap	qts	4.3.6.1013:build_20190724
qnap	qts	4.3.6.1033:build_20190813
qnap	qts	4.3.6.1070:build_20190919
qnap	qts	4.3.6.1154:build_20191212
qnap	qts	4.3.6.1218:build_20200214
qnap	qts	4.3.6.1263:build_20200330
qnap	qts	4.3.6.1286:build_20200422
qnap	qts	4.3.6.1333:build_20200608
qnap	qts	4.3.6.1411:build_20200825
qnap	qts	4.3.6.1446:build_20200929
qnap	qts	4.3.6.1620:build_20210322
qnap	qts	4.3.6.1663:build_20210504
qnap	qts	4.3.6.1711:build_20210621
qnap	qts	4.3.6.1750:build_20210730
qnap	qts	4.3.6.1831:build_20211019
qnap	qts	4.3.6.1907:build_20220103
qnap	qts	4.3.6.1965:build_20220302
qnap	qts	4.3.6.2050:build_20220526
qnap	qts	4.3.6.2232:build_20221124
qnap	qts	4.3.6.2441:build_20230621
qnap	qts	4.3.6.2665:build_20240131
qnap	qts	4.3.4.0899:build_20190322
qnap	qts	4.3.4.1029:build_20190730
qnap	qts	4.3.4.1082:build_20190921
qnap	qts	4.3.4.1190:build_20200107
qnap	qts	4.3.4.1282:build_20200408
qnap	qts	4.3.4.1368:build_20200703
qnap	qts	4.3.4.1417:build_20200821
qnap	qts	4.3.4.1463:build_20201006
qnap	qts	4.3.4.1632:build_20210324
qnap	qts	4.3.4.1652:build_20210413
qnap	qts	4.3.4.1976:build_20220303
qnap	qts	4.3.4.2107:build_20220712
qnap	qts	4.3.4.2242:build_20221124
qnap	qts	4.3.4.2451:build_20230621
qnap	qts	4.3.4.2675:build_20240131
qnap	qts	4.3.3.0174:build_20170503
qnap	qts	4.3.3.0868:build_20190322
qnap	qts	4.3.3.0998:build_20190730
qnap	qts	4.3.3.1051:build_20190921
qnap	qts	4.3.3.1098:build_20191107
qnap	qts	4.3.3.1161:build_20200109
qnap	qts	4.3.3.1252:build_20200409
qnap	qts	4.3.3.1315:build_20200611
qnap	qts	4.3.3.1386:build_20200821
qnap	qts	4.3.3.1432:build_20201006
qnap	qts	4.3.3.1624:build_20210416
qnap	qts	4.3.3.1677:build_20210608
qnap	qts	4.3.3.1693:build_20210624
qnap	qts	4.3.3.1799:build_20211008
qnap	qts	4.3.3.1864:build_20211212
qnap	qts	4.3.3.1945:build_20220303
qnap	qts	4.3.3.2057:build_20220623
qnap	qts	4.3.3.2211:build_20221124
qnap	qts	4.3.3.2420:build_20230621
qnap	qts	4.3.3.2644:build_20240131
qnap	qts	4.2.6:build_20170517
qnap	qts	4.2.6:build_20190322
qnap	qts	4.2.6:build_20190730
qnap	qts	4.2.6:build_20190921
qnap	qts	4.2.6:build_20191107
qnap	qts	4.2.6:build_20200109
qnap	qts	4.2.6:build_20200421
qnap	qts	4.2.6:build_20200611
qnap	qts	4.2.6:build_20200821
qnap	qts	4.2.6:build_20210327
qnap	qts	4.2.6:build_20211215
qnap	qts	4.2.6:build_20220304
qnap	qts	4.2.6:build_20220623
qnap	qts	4.2.6:build_20221028
qnap	qts	4.2.6:build_20230621
qnap	qts	4.2.6:build_20240131

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References

https://www.qnap.com/en/security-advisory/qsa-24-26