CVE-2023-47564

EUVD-2023-51675
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.

We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.15 ( 2024/01/04 ) and later
Qsync Central 4.3.0.11 ( 2024/01/11 ) and later
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
qnapqsync_central
4.3.0.0 ≤
𝑥
< 4.3.0.11
qnapqsync_central
4.4.0.0 ≤
𝑥
< 4.4.0.15
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
qnapqsync_central
4.4.0.0 ≤
𝑥
< 4.4.0.15
ADP
qnapqsync_central
4.3.0.0 ≤
𝑥
< 4.3.0.11
ADP
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-24-03
https://www.qnap.com/en/security-advisory/qsa-24-03