CVE-2023-47564

An incorrect permission assignment for critical resource vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow authenticated users to read or modify the resource via a network.

We have already fixed the vulnerability in the following versions:
Qsync Central 4.4.0.15 ( 2024/01/04 ) and later
Qsync Central 4.3.0.11 ( 2024/01/11 ) and later
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
qnapCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
qnapqsync_central
4.3.0.0 ≤
𝑥
< 4.3.0.11
qnapqsync_central
4.4.0.0 ≤
𝑥
< 4.4.0.15
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.qnap.com/en/security-advisory/qsa-24-03
https://www.qnap.com/en/security-advisory/qsa-24-03