ByteOS Network

Vulnerability Details :

CVE-2023-45036

Assigner-qnap

Assigner Org ID-2fd009eb-170a-4625-932b-17a53af1051f

Published At-02 Feb, 2024 | 16:05

Updated At-17 Jun, 2025 | 21:29

QTS, QuTS hero, QuTScloud

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:qnap

Assigner Org ID:2fd009eb-170a-4625-932b-17a53af1051f

Published At:02 Feb, 2024 | 16:05

Updated At:17 Jun, 2025 | 21:29

▼CVE Numbering Authority (CNA)

QTS, QuTS hero, QuTScloud

Affected Products

Vendor

QNAP Systems, Inc.

Product

QTS

Default Status

unaffected

Versions

Affected

From 5.1.x before 5.1.3.2578 build 20231110 (custom)

Vendor

QNAP Systems, Inc.

Product

QuTS hero

Default Status

unaffected

Versions

Affected

From h5.1.x before h5.1.3.2578 build 20231110 (custom)

Vendor

QNAP Systems, Inc.

Product

QuTScloud

Default Status

unaffected

Versions

Affected

From c5.x.x before c5.1.5.2651 (custom)

Problem Types

Type	CWE ID	Description
CWE	CWE-120	CWE-120

Type: CWE

CWE ID: CWE-120

Description: CWE-120

Metrics

Version	Base score	Base severity	Vector
3.1	3.8	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Version: 3.1

Base score: 3.8

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-100	CAPEC-100

CAPEC ID: CAPEC-100

Description: CAPEC-100

Solutions

We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTScloud c5.1.5.2651 and later

Credits

finder

Jiaxu Zhao && Bingwei Peng

References

Hyperlink	Resource
https://www.qnap.com/en/security-advisory/qsa-23-46	N/A

Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-46

Resource: N/A

▼Authorized Data Publishers (ADP)

1. CVE Program Container

References

Hyperlink	Resource
https://www.qnap.com/en/security-advisory/qsa-23-46	x_transferred

Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-46

Resource:

x_transferred

2. CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:security@qnapsecurity.com.tw

Published At:02 Feb, 2024 | 16:15

Updated At:06 Feb, 2024 | 20:18

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Secondary	3.1	3.8	LOW	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

Type: Primary

Version: 3.1

Base score: 7.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 3.8

Base severity: LOW

Vector:

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

CPE Matches

QNAP Systems, Inc.

>>qts>>5.1.0.2348

cpe:2.3:o:qnap:qts:5.1.0.2348:build_20230325:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2399

cpe:2.3:o:qnap:qts:5.1.0.2399:build_20230515:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2418

cpe:2.3:o:qnap:qts:5.1.0.2418:build_20230603:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2444

cpe:2.3:o:qnap:qts:5.1.0.2444:build_20230629:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.0.2466

cpe:2.3:o:qnap:qts:5.1.0.2466:build_20230721:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.1.2491

cpe:2.3:o:qnap:qts:5.1.1.2491:build_20230815:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.2.2533

cpe:2.3:o:qnap:qts:5.1.2.2533:build_20230926:*:*:*:*:*:*

QNAP Systems, Inc.

>>qts>>5.1.3.2578

cpe:2.3:o:qnap:qts:5.1.3.2578:-:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2409

cpe:2.3:o:qnap:quts_hero:h5.1.0.2409:build_20230525:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2424

cpe:2.3:o:qnap:quts_hero:h5.1.0.2424:build_20230609:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2453

cpe:2.3:o:qnap:quts_hero:h5.1.0.2453:build_20230708:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.0.2466

cpe:2.3:o:qnap:quts_hero:h5.1.0.2466:build_20230721:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.1.2488

cpe:2.3:o:qnap:quts_hero:h5.1.1.2488:build_20230812:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.2.2534

cpe:2.3:o:qnap:quts_hero:h5.1.2.2534:build_20230927:*:*:*:*:*:*

QNAP Systems, Inc.

>>quts_hero>>h5.1.3.2578

cpe:2.3:o:qnap:quts_hero:h5.1.3.2578:-:*:*:*:*:*:*

QNAP Systems, Inc.

>>qutscloud>>c5.1.0.2498

cpe:2.3:o:qnap:qutscloud:c5.1.0.2498:build_20230822:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-120	Primary	security@qnapsecurity.com.tw

CWE ID: CWE-120

Type: Primary

Source: security@qnapsecurity.com.tw

References

Hyperlink	Source	Resource
https://www.qnap.com/en/security-advisory/qsa-23-46	security@qnapsecurity.com.tw	Vendor Advisory

Hyperlink: https://www.qnap.com/en/security-advisory/qsa-23-46

Source: security@qnapsecurity.com.tw

Resource:

Vendor Advisory

Similar CVEs

154Records found

CVE-2017-2851

Matching Score-4

Assigner-Talos

View Details

Matching Score-4

Assigner-Talos

CVSS Score-7.5||HIGH

EPSS-0.29% / 52.14%

7 Day CHG~0.00%

Published-29 Jun, 2017 | 17:00

Updated-20 Apr, 2025 | 01:37

In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.

Vendor-foscam Foscam

Product-c1_indoor_hd_camera c1_indoor_hd_camera_firmware Indoor IP Camera C1 Series

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-23850

Matching Score-4

Assigner-Robert Bosch GmbH

View Details

Matching Score-4

Assigner-Robert Bosch GmbH

CVSS Score-6.8||MEDIUM

EPSS-0.27% / 49.91%

7 Day CHG~0.00%

Published-30 Mar, 2022 | 16:03

Updated-17 Sep, 2024 | 02:57

Buffer Overflow vulnerability in the recovery image telnet server

A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Vendor-Robert Bosch GmbH

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2021-23851

Matching Score-4

Assigner-Robert Bosch GmbH

View Details

Matching Score-4

Assigner-Robert Bosch GmbH

CVSS Score-6.8||MEDIUM

EPSS-0.24% / 46.44%

7 Day CHG~0.00%

Published-30 Mar, 2022 | 16:03

Updated-16 Sep, 2024 | 18:39

Buffer Overflow vulnerability in the recovery image web-based interface

A specially crafted TCP/IP packet may cause the camera recovery image web interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and allows the upload of a new firmware in case of a damaged firmware.

Vendor-Robert Bosch GmbH

CWE ID-CWE-121

Stack-based Buffer Overflow

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2024-37184

Matching Score-4

Assigner-Talos

View Details

Matching Score-4

Assigner-Talos

CVSS Score-9.1||CRITICAL

EPSS-0.16% / 37.67%

7 Day CHG-0.01%

Published-14 Jan, 2025 | 14:21

Updated-21 Aug, 2025 | 20:39

A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability.

Vendor-WAVLINK Technology Ltd.

Product-wl-wn533a8_firmware wl-wn533a8 Wavlink AC3000

CWE ID-CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2023-45036

Credits

QTS, QuTS hero, QuTScloud

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs