CVE-2023-47564

EUVD-2023-51675
An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.

We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.15 ( 2024/01/04 ) and later
Qsync Central 4.3.0.11 ( 2024/01/11 ) and later
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
qnapCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
qnapqsync_central
4.3.0.0 ≤
𝑥
< 4.3.0.11
qnapqsync_central
4.4.0.0 ≤
𝑥
< 4.4.0.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-24-03
https://www.qnap.com/en/security-advisory/qsa-24-03