HTTP: QNAP Viostor server.cgi SPECIFIC_SERVER Parameter Command Injection

This signature detects attempts to exploit a known vulnerability in QNAP VioStor. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later.

Affected Products

Qnap qvr_firmware

References

CVE: CVE-2023-47565

Short Name
HTTP:CTS:QNAP-SPEFC-SRV-CMD-INJ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2023-47565 Command Injection Parameter QNAP SPECIFIC_SERVER Viostor server.cgi
Release Date
04/25/2025
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3803
False Positive
Unknown
Vendors

Qnap
