CVE-2023-34974

Name: CVE-2023-34974
Creator: NVD / NIST
Published: 2024-09-06T17:15:11.44+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 0.94%

Last modified Jun 17, 2026

CVE-2023-34974 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later. EPSS estimates a 0.94% chance of exploitation in the next 30 days.

Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. QuTScloud, QVR, QES are not affected. We have already fixed the vulnerability in the following versions: QTS 4.5.4.2790 build 20240605 and later QuTS hero h4.5.4.2626 build 20231225 and later

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

0.94%

56.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-78

Affected Software

Vendor	Product	Versions	Update
Qnap	Qts	4.5.4.1715	Build 20210630
Qnap	Qts	4.5.4.1723	Build 20210708
Qnap	Qts	4.5.4.1741	Build 20210726
Qnap	Qts	4.5.4.1787	Build 20210910
Qnap	Qts	4.5.4.1800	Build 20210923
Qnap	Qts	4.5.4.1892	Build 20211223
Qnap	Qts	4.5.4.1931	Build 20220128
Qnap	Qts	4.5.4.2012	Build 20220419
Qnap	Qts	4.5.4.2117	Build 20220802
Qnap	Qts	4.5.4.2280	Build 20230112
Qnap	Qts	4.5.4.2374	Build 20230416
Qnap	Qts	4.5.4.2467	Build 20230718
Qnap	Qts	4.5.4.2627	Build 20231225
Qnap	Quts Hero	h4.5.4.1771	Build 20210825
Qnap	Quts Hero	h4.5.4.1800	Build 20210923
Qnap	Quts Hero	h4.5.4.1813	Build 20211006
Qnap	Quts Hero	h4.5.4.1848	Build 20211109
Qnap	Quts Hero	h4.5.4.1892	Build 20211223
Qnap	Quts Hero	h4.5.4.1951	Build 20220218
Qnap	Quts Hero	h4.5.4.1971	Build 20220310
Qnap	Quts Hero	h4.5.4.1991	Build 20220330
Qnap	Quts Hero	h4.5.4.2052	Build 20220530
Qnap	Quts Hero	h4.5.4.2138	Build 20220824
Qnap	Quts Hero	h4.5.4.2217	Build 20221111
Qnap	Quts Hero	h4.5.4.2272	Build 20230105
Qnap	Quts Hero	h4.5.4.2374	Build 20230417
Qnap	Quts Hero	h4.5.4.2476	Build 20230728
Qnap	Quts Hero	h4.5.4.2626	Build 20231225

References

https://www.qnap.com/en/security-advisory/qsa-24-32Vendor Advisory

Timeline

Published: Sep 6, 2024
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2023-34974?

How severe is CVE-2023-34974?

CVE-2023-34974 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.94% probability of exploitation in the next 30 days.

How do I fix CVE-2023-34974?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-34974?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST