CVE-2023-47563 — Vulnetix

CVE-2023-47563 PUBLISHED CVSS 7.400000095367432 HIGH

An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: Video Station 5.8.2 and later

EPSS 0.67% · 71.7th percentile

Risk Scores

CVSS 3.1

7.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

EPSS Score

0.67%

71.7th percentile

Affected Products

Vendor	Product	Versions
qnap	video_station	5.0.0, 5.0.0
QNAP Systems Inc.	Video Station	5.8.x, 5.8.x

Exploit Intelligence

CIRCL seen: CVE-2023-47563 (circl-sighting)
https://www.qnap.com/en/security-advisory/qsa-24-24 (circl)

Timeline

Sep 6, 2024 CVE Published
Sep 6, 2024 PoC Published
Sep 7, 2024 EPSS Score
Sep 27, 2024 EPSS Score
Oct 17, 2024 EPSS Score
Nov 6, 2024 EPSS Score
Dec 17, 2024 EPSS Score
Jan 6, 2025 EPSS Score
Jan 26, 2025 EPSS Score
Feb 15, 2025 EPSS Score
Mar 7, 2025 EPSS Score
Mar 27, 2025 EPSS Score

References

https://www.qnap.com/en/security-advisory/qsa-24-24 url
https://www.qnap.com/go/security-advisory/qsa-24-24 advisory
https://www.qnap.com/go/security-advisory/qsa-24-26 advisory
https://www.qnap.com/go/security-advisory/qsa-24-34 advisory
https://www.qnap.com/go/security-advisory/qsa-24-30 advisory
https://www.qnap.com/go/security-advisory/qsa-24-21 advisory
https://www.qnap.com/go/security-advisory/qsa-24-27 advisory
https://www.qnap.com/go/security-advisory/qsa-24-29 advisory
https://www.qnap.com/go/security-advisory/qsa-24-28 advisory
https://www.qnap.com/go/security-advisory/qsa-24-32 advisory
https://www.qnap.com/go/security-advisory/qsa-24-25 advisory
https://www.qnap.com/go/security-advisory/qsa-24-33 advisory
https://www.qnap.com/go/security-advisory/qsa-24-22 advisory
https://www.qnap.com/go/security-advisory/qsa-24-35 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-47563 advisory

Open in Interactive Console →