Skip to main content

Qts CVE-2023-45041

LOW
Classic Buffer Overflow (CWE-120)
2024-01-05 security@qnapsecurity.com.tw
3.8
CVSS 3.1 · NVD

Severity by source

NVD PRIMARY
3.8 LOW
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 19:33 vuln.today
CVE Published
Jan 05, 2024 - 17:15 nvd
LOW 3.8

DescriptionCVE.org

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network.

We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later

AnalysisAI

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Copy without Size Check (CWE-120), which allows attackers to overflow a buffer to corrupt adjacent memory. A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.4.2596 build 20231128 and later QuTS hero h5.1.4.2596 build 20231128 and later Affected products include: Qnap Qts, Qnap Quts Hero.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Always validate buffer sizes before copy operations. Use bounded functions (strncpy, snprintf). Enable compiler protections.

More in Qts

View all
CVE-2017-6361 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors. Rated criti

CVE-2017-6360 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information

CVE-2017-13067 CRITICAL POC
9.8 Sep 14

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.

CVE-2017-6359 CRITICAL POC
9.8 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands vi

CVE-2017-5227 HIGH POC
7.5 Mar 23

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by

CVE-2017-7876 CRITICAL POC
10.0 Jun 15

This command injection vulnerability in QTS allows attackers to run arbitrary commands in the compromised application. R

CVE-2019-7193 CRITICAL POC
9.8 Dec 05

This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. Rated criti

CVE-2023-39296 HIGH POC
7.5 Jan 05

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high sever

CVE-2017-17028 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 2

CVE-2017-17033 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

CVE-2017-17032 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

CVE-2017-17031 CRITICAL
9.8 Dec 21

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117

Share

CVE-2023-45041 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy