.. / CVE-2023-47218

Exploit for QNAP QTS and QuTS Hero - OS Command Injection (CVE-2023-47218)

Description:

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.

Nuclei Template

View the template here CVE-2023-47218.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2023/CVE-2023-47218.yaml
Copy

References:

https://github.com/passwa11/CVE-2023-47218
https://twitter.com/win3zz/status/1760224052289888668/photo/3
https://www.qnap.com/en/security-advisory/qsa-23-57
https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/
https://nvd.nist.gov/vuln/detail/CVE-2023-47218