Vulnerabilities > CVE-2023-39301 - Server-Side Request Forgery (SSRF) vulnerability in Qnap QTS

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

qnap

CWE-918

NVD

Published: 2023-11-03

Updated: 2023-11-14

Summary

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2514 build 20230906 and later QTS 5.1.1.2491 build 20230815 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.1.2488 build 20230812 and later QuTScloud c5.1.0.2498 and later

Vulnerable Configurations

Part	Description	Count
OS	Qnap Qnap QTS - Qnap QTS 4.0 Qnap QTS 4.0.3 Qnap QTS 4.1.0 Qnap QTS 4.1.4 Qnap QTS 4.2.0 Qnap QTS 4.2.1 Qnap QTS 4.2.2 Qnap QTS 4.2.3 Qnap QTS 4.2.4 Qnap QTS 4.2.6 Qnap QTS 4.3.1.0013 Qnap QTS 4.3.1.0023 Qnap QTS 4.3.2.0050 Qnap QTS 4.3.2.0060 Qnap QTS 4.3.2.0144 Qnap QTS 4.3.3 Qnap QTS 4.3.3.0095 Qnap QTS 4.3.3.0096 Qnap QTS 4.3.3.0136 Qnap QTS 4.3.3.0154 Qnap QTS 4.3.3.0174 Qnap QTS 4.3.3.0188 Qnap QTS 4.3.3.0210 Qnap QTS 4.3.3.0229 Qnap QTS 4.3.3.0238 Qnap QTS 4.3.3.0262 Qnap QTS 4.3.3.0299 Qnap QTS 4.3.3.0351 Qnap QTS 4.3.3.0353 Qnap QTS 4.3.3.0361 Qnap QTS 4.3.3.0369 Qnap QTS 4.3.3.0378 Qnap QTS 4.3.3.0396 Qnap QTS 4.3.3.0404 Qnap QTS 4.3.3.0416 Qnap QTS 4.3.3.0418 Qnap QTS 4.3.3.0448 Qnap QTS 4.3.3.0514 Qnap QTS 4.3.3.0546 Qnap QTS 4.3.3.0570 Qnap QTS 4.3.3.0868 Qnap QTS 4.3.3.0998 Qnap QTS 4.3.3.1051 Qnap QTS 4.3.3.1098 Qnap QTS 4.3.3.1161 Qnap QTS 4.3.3.1252 Qnap QTS 4.3.3.1315 Qnap QTS 4.3.3.1386 Qnap QTS 4.3.3.1432 Qnap QTS 4.3.3.1624 Qnap QTS 4.3.3.1677 Qnap QTS 4.3.3.1693 Qnap QTS 4.3.3.1799 Qnap QTS 4.3.3.1864 Qnap QTS 4.3.3.1945 Qnap QTS 4.3.3.2057 Qnap QTS 4.3.3.2211 Qnap QTS 4.3.3.2420 Qnap QTS 4.3.3.4132 Qnap QTS 4.3.4 Qnap QTS 4.3.4.0358 Qnap QTS 4.3.4.0370 Qnap QTS 4.3.4.0372 Qnap QTS 4.3.4.0374 Qnap QTS 4.3.4.0387 Qnap QTS 4.3.4.0411 Qnap QTS 4.3.4.0416 Qnap QTS 4.3.4.0427 Qnap QTS 4.3.4.0434 Qnap QTS 4.3.4.0435 Qnap QTS 4.3.4.0451 Qnap QTS 4.3.4.0483 Qnap QTS 4.3.4.0486 Qnap QTS 4.3.4.0506 Qnap QTS 4.3.4.0516 Qnap QTS 4.3.4.0526 Qnap QTS 4.3.4.0551 Qnap QTS 4.3.4.0557 Qnap QTS 4.3.4.0561 Qnap QTS 4.3.4.0569 Qnap QTS 4.3.4.0593 Qnap QTS 4.3.4.0597 Qnap QTS 4.3.4.0604 Qnap QTS 4.3.4.0899 Qnap QTS 4.3.4.1029 Qnap QTS 4.3.4.1082 Qnap QTS 4.3.4.1190 Qnap QTS 4.3.4.1282 Qnap QTS 4.3.4.1368 Qnap QTS 4.3.4.1417 Qnap QTS 4.3.4.1463 Qnap QTS 4.3.4.1632 Qnap QTS 4.3.4.1652 Qnap QTS 4.3.4.1976 Qnap QTS 4.3.4.2107 Qnap QTS 4.3.4.2242 Qnap QTS 4.3.4.2451 Qnap QTS 4.3.5 Qnap QTS 4.3.6 Qnap QTS 4.3.6.0895 Qnap QTS 4.3.6.0907 Qnap QTS 4.3.6.0923 Qnap QTS 4.3.6.0944 Qnap QTS 4.3.6.0959 Qnap QTS 4.3.6.0979 Qnap QTS 4.3.6.0993 Qnap QTS 4.3.6.1013 Qnap QTS 4.3.6.1033 Qnap QTS 4.3.6.1070 Qnap QTS 4.3.6.1154 Qnap QTS 4.3.6.1218 Qnap QTS 4.3.6.1263 Qnap QTS 4.3.6.1286 Qnap QTS 4.3.6.1333 Qnap QTS 4.3.6.1411 Qnap QTS 4.3.6.1446 Qnap QTS 4.3.6.1620 Qnap QTS 4.3.6.1663 Qnap QTS 4.3.6.1711 Qnap QTS 4.3.6.1750 Qnap QTS 4.3.6.1831 Qnap QTS 4.3.6.1907 Qnap QTS 4.3.6.1965 Qnap QTS 4.3.6.2050 Qnap QTS 4.3.6.2232 Qnap QTS 4.3.6.2441 Qnap QTS 4.4.0 Qnap QTS 4.4.0.0883 Qnap QTS 4.4.0.0931 Qnap QTS 4.4.0.0979 Qnap QTS 4.4.1 Qnap QTS 4.4.1.0948 Qnap QTS 4.4.1.0949 Qnap QTS 4.4.1.0978 Qnap QTS 4.4.1.0998 Qnap QTS 4.4.1.0999 Qnap QTS 4.4.1.1031 Qnap QTS 4.4.1.1033 Qnap QTS 4.4.1.1064 Qnap QTS 4.4.1.1081 Qnap QTS 4.4.1.1086 Qnap QTS 4.4.1.1101 Qnap QTS 4.4.1.1117 Qnap QTS 4.4.1.1146 Qnap QTS 4.4.1.1201 Qnap QTS 4.4.1.1216 Qnap QTS 4.4.1.1261 Qnap QTS 4.4.2 Qnap QTS 4.4.2.1231 Qnap QTS 4.4.2.1270 Qnap QTS 4.4.3 Qnap QTS 4.4.3.1354 Qnap QTS 4.4.3.1381 Qnap QTS 4.4.3.1400 Qnap QTS 4.4.3.1421 Qnap QTS 4.4.3.1439 Qnap QTS 4.4.3.1444 Qnap QTS 4.5.1 Qnap QTS 4.5.1.1456 Qnap QTS 4.5.1.1461 Qnap QTS 4.5.1.1465 Qnap QTS 4.5.1.1480 Qnap QTS 4.5.1.1495 Qnap QTS 4.5.1.1540 Qnap QTS 4.5.2 Qnap QTS 4.5.2.1566 Qnap QTS 4.5.2.1594 Qnap QTS 4.5.2.1630 Qnap QTS 4.5.3 Qnap QTS 4.5.3.1652 Qnap QTS 4.5.3.1670 Qnap QTS 4.5.3.1697 Qnap QTS 4.5.4 Qnap QTS 4.5.4.1715 Qnap QTS 4.5.4.1723 Qnap QTS 4.5.4.1741 Qnap QTS 4.5.4.1787 Qnap QTS 4.5.4.1800 Qnap QTS 4.5.4.1892 Qnap QTS 4.5.4.1931 Qnap QTS 4.5.4.1991 Qnap QTS 4.5.4.2012 Qnap QTS 4.5.4.2117 Qnap QTS 4.5.4.2280 Qnap QTS 4.5.4.2374 Qnap QTS 4.5.4.2467 Qnap QTS 5.0.0 Qnap QTS 5.0.0.1716 Qnap QTS 5.0.0.1785 Qnap QTS 5.0.0.1808 Qnap QTS 5.0.0.1828 Qnap QTS 5.0.0.1837 Qnap QTS 5.0.0.1850 Qnap QTS 5.0.0.1853 Qnap QTS 5.0.0.1858 Qnap QTS 5.0.0.1870 Qnap QTS 5.0.0.1932 Qnap QTS 5.0.0.1981 Qnap QTS 5.0.0.1986 Qnap QTS 5.0.1 Qnap QTS 5.0.1.2034 Qnap QTS 5.0.1.2079 Qnap QTS 5.0.1.2131 Qnap QTS 5.0.1.2137 Qnap QTS 5.0.1.2145 Qnap QTS 5.0.1.2173 Qnap QTS 5.0.1.2194 Qnap QTS 5.0.1.2234 Qnap QTS 5.0.1.2248 Qnap QTS 5.0.1.2277 Qnap QTS 5.0.1.2346 Qnap QTS 5.0.1.2376 Qnap QTS 5.0.1.2425 Qnap QTS 5.0.1.2514 Qnap QTS 5.1.0 Qnap QTS 5.1.0.2348 Qnap QTS 5.1.0.2399 Qnap QTS 5.1.0.2418 Qnap QTS 5.1.0.2444 Qnap Quts Hero - Qnap Quts Hero 4.5.4.2374 Qnap Quts Hero 5.0.1.2376 Qnap Quts Hero H4.5.0 Qnap Quts Hero H4.5.0.1279 Qnap Quts Hero H4.5.0.1308 Qnap Quts Hero H4.5.0.1352 Qnap Quts Hero H4.5.0.1409 Qnap Quts Hero H4.5.1 Qnap Quts Hero H4.5.1.1472 Qnap Quts Hero H4.5.1.1491 Qnap Quts Hero H4.5.1.1582 Qnap Quts Hero H4.5.2 Qnap Quts Hero H4.5.2.1638 Qnap Quts Hero H4.5.3 Qnap Quts Hero H4.5.4 Qnap Quts Hero H4.5.4.1771 Qnap Quts Hero H4.5.4.1800 Qnap Quts Hero H4.5.4.1813 Qnap Quts Hero H4.5.4.1848 Qnap Quts Hero H4.5.4.1892 Qnap Quts Hero H4.5.4.1951 Qnap Quts Hero H4.5.4.1971 Qnap Quts Hero H4.5.4.1991 Qnap Quts Hero H4.5.4.2052 Qnap Quts Hero H4.5.4.2138 Qnap Quts Hero H4.5.4.2217 Qnap Quts Hero H4.5.4.2272 Qnap Quts Hero H4.5.4.2374 Qnap Quts Hero H4.5.4.2476 Qnap Quts Hero H5.0.0 Qnap Quts Hero H5.0.0.1772 Qnap Quts Hero H5.0.0.1844 Qnap Quts Hero H5.0.0.1856 Qnap Quts Hero H5.0.0.1892 Qnap Quts Hero H5.0.0.1900 Qnap Quts Hero H5.0.0.1949 Qnap Quts Hero H5.0.0.1986 Qnap Quts Hero H5.0.1.2045 Qnap Quts Hero H5.0.1.2192 Qnap Quts Hero H5.0.1.2248 Qnap Quts Hero H5.0.1.2269 Qnap Quts Hero H5.0.1.2277 Qnap Quts Hero H5.0.1.2348 Qnap Quts Hero H5.0.1.2376 Qnap Quts Hero H5.0.1.2515 Qnap Quts Hero H5.1.0 Qnap Quts Hero H5.1.0.2409 Qnap Quts Hero H5.1.0.2424 Qnap Quts Hero H5.1.0.2453 Qnap Quts Hero H5.1.0.2466 Qnap Qutscloud - Qnap Qutscloud C4.5.1 Qnap Qutscloud C4.5.1.1350 Qnap Qutscloud C4.5.2.1379 Qnap Qutscloud C4.5.3 Qnap Qutscloud C4.5.4 Qnap Qutscloud C4.5.6 Qnap Qutscloud C4.5.6.1755 Qnap Qutscloud C5.0.0.1919 Qnap Qutscloud C5.0.1.1949 Qnap Qutscloud C5.0.1.1998 Qnap Qutscloud C5.0.1.2044 Qnap Qutscloud C5.0.1.2148 Qnap Qutscloud C5.0.1.2374	421

Common Weakness Enumeration (CWE)

CWE-918 - Server-Side Request Forgery (SSRF)

References

https://www.qnap.com/en/security-advisory/qsa-23-51