CVE-2023-32976 MEDIUM

CVE-2023-32976: Container Station

Vendor Qnap Systems Inc.

Product Container Station

Weakness CWE-78

Published October 13, 2023

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

6.6/10

Attack vector Network

Attack complexity High

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

An OS command injection vulnerability has been reported to affect Container Station. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following version: Container Station 2.6.7.44 and later

Key dates

02Disclosure timeline

October 13, 2023 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-32976

Related vulnerabilities

04Related CVE

CVE-2026-0507 OS Command Injection vulnerability in SAP Application Server for ABAP and SAP NetWeaver RFCSDK CVE-2023-21410 Non-sanitized user input could lead to arbitrary code execution in AXIS License Plate Verifier CVE-2022-1813 OS Command Injection in yogeshojha/rengine CVE-2023-51698 Atril's CBT comic book parsing vulnerable to Remote Code Execution CVE-2026-28460 OpenClaw < 2026.2.22 - Allowlist Bypass via Shell Line-Continuation Command Substitution in system.run

Identifiers

CVE CVE-2023-32976

CWE CWE-78

CVSS 6.6 / MEDIUM

Affected versions

Vendor Qnap Systems Inc.

Product Container Station

Affected ≥ 2.6.x.x and < 2.6.7.44