Severity
Medium
Analysis Summary
CVE-2023-51364 CVSS:6.5
QNAP TS-464 NAS devices could allow a remote attacker to traverse directories on the system, caused by a flaw iin the processing of file uploads. An attacker could send a specially crafted URL request containing "dot dot" sequences to create or delete arbitrary files in the context of admin.
CVE-2923-51365 CVSS:6.5
QNAP TS-464 NAS devices could allow a remote attacker to traverse directories on the system, caused by a flaw iin the processing of file uploads. An attacker could send a specially crafted URL request containing "dot dot" sequences to create or modify arbitrary files in the context of admin.
Impact
- Gain Access
- Information Obtained
Indicators of Compromise
CVE
- CVE-2023-51364
- CVE-2023-51365
Affected Vendors
QNAP
Affected Products
- QNAP QuTScloud c5.0
- QNAP QuTS Hero h4.5.0
- QNAP QTS 5.1
- QNAP QTS 4.5
Remediation
Refer to QNAP Security Advisory for patch, upgrade or suggested workaround information.