cve/2023/CVE-2023-23369.md

### [CVE-2023-23369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23369)
![](https://img.shields.io/static/v1?label=Product&message=Media%20Streaming%20add-on&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=Multimedia%20Console&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=QTS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.1.x%3C%202.1.2%20(%202023%2F05%2F04%20)%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=5.1.x%3C%205.1.0.2399%20build%2020230515%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=500.1.x%3C%20500.1.1.2%20(%202023%2F06%2F12%20)%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78&color=brighgreen)

### Description

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.We have already fixed the vulnerability in the following versions:Multimedia Console 2.1.2 ( 2023/05/04 ) and laterMultimedia Console 1.4.8 ( 2023/05/05 ) and laterQTS 5.1.0.2399 build 20230515 and laterQTS 4.3.6.2441 build 20230621 and laterQTS 4.3.4.2451 build 20230621 and laterQTS 4.3.3.2420 build 20230621 and laterQTS 4.2.6 build 20230621 and laterMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and laterMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/yikesoftware/yikesoftware
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2023-23369](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23369)`
			`![](https://img.shields.io/static/v1?label=Product&message=Media%20Streaming%20add-on&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=Multimedia%20Console&color=blue)`
			`![](https://img.shields.io/static/v1?label=Product&message=QTS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=2.1.x%3C%202.1.2%20(%202023%2F05%2F04%20)%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=5.1.x%3C%205.1.0.2399%20build%2020230515%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Version&message=500.1.x%3C%20500.1.1.2%20(%202023%2F06%2F12%20)%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-77&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-78&color=brighgreen)`

			`### Description`

			An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.We have already fixed the vulnerability in the following versions:Multimedia Console 2.1.2 ( 2023/05/04 ) and laterMultimedia Console 1.4.8 ( 2023/05/05 ) and laterQTS 5.1.0.2399 build 20230515 and laterQTS 4.3.6.2441 build 20230621 and laterQTS 4.3.4.2451 build 20230621 and laterQTS 4.3.3.2420 build 20230621 and laterQTS 4.2.6 build 20230621 and laterMedia Streaming add-on 500.1.1.2 ( 2023/06/12 ) and laterMedia Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/yikesoftware/yikesoftware`