Rewterz Threat Advisory – QNAP Multimedia Console and QTS Vulnerabilities

Rewterz Threat Advisory – CVE-2023-42753 – Linux Kernel Vulnerability

September 25, 2023

Rewterz Threat Advisory – CVE-2023-43128 – D-Link DIR-806 Vulnerability

September 25, 2023

Rewterz Threat Advisory – QNAP Multimedia Console and QTS Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-23364 CVSS:8.1

QNAP Multimedia Console could allow a remote attacker to execute arbitrary code on the system, caused by a buffer copy without checking size of input. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-23363 CVSS:8.1

QNAP QTS could allow a remote attacker to execute arbitrary code on the system, caused by a buffer copy without checking size of input. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

Code Execution

Indicators Of Compromise

CVE

CVE-2023-23364
CVE-2023-23363

Affected Vendors

QNAP

Affected Products

QNAP Multimedia Console 1.4
QNAP Multimedia Console 2.1
QNAP QTS 4.2.6
QNAP QTS 4.3.4
QNAP QTS 4.3.6

Remediation

Refer to QNAP Security Advisory for patch, upgrade or suggested workaround information.

CVE-2023-23364

CVE-2023-23363

Rewterz Threat Advisory – CVE-2023-42753 – Linux Kernel Vulnerability

Rewterz Threat Advisory – CVE-2023-43128 – D-Link DIR-806 Vulnerability

Rewterz Threat Advisory – QNAP Multimedia Console and QTS Vulnerabilities

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan