CVE-2023-34975 MEDIUM

CVE-2023-34975: QTS, QuTS hero, QuTScloud

Vendor Qnap Systems Inc.
Product QuTS hero
Weakness CWE-78
Published October 13, 2023
Last update January 12, 2026

CVSS base score

6.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. QuTScloud is not affected. We have already fixed the vulnerability in the following versions: QuTS hero h4.5.4.2626 build 20231225 and later QTS 4.5.4.2627 build 20231225 and later

Key dates

02Disclosure timeline

October 13, 2023 CVE published
January 12, 2026 Record updated