An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later
| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2023-47565 | QNAP VioStor NVR OS Command Injection Vulnerability | secondary_impact | T1498 | Network Denial of Service |
Comments
CVE-2023-47565 is an OS command injection vulnerability in QNAP VioStor network video recorder (NVR) devices. This vulnerability has been publicly reported to be leveraged during the InfectedSlurs campaign to install a Mirai malware variant with the intention of creating a distributed denial-of-service (DDoS) botnet with these infected devices.
References
|
| CVE-2023-47565 | QNAP VioStor NVR OS Command Injection Vulnerability | primary_impact | T1496 | Resource Hijacking |
Comments
CVE-2023-47565 is an OS command injection vulnerability in QNAP VioStor network video recorder (NVR) devices. This vulnerability has been publicly reported to be leveraged during the InfectedSlurs campaign to install a Mirai malware variant with the intention of creating a distributed denial-of-service (DDoS) botnet with these infected devices.
References
|
| CVE-2023-47565 | QNAP VioStor NVR OS Command Injection Vulnerability | exploitation_technique | T1203 | Exploitation for Client Execution |
Comments
CVE-2023-47565 is an OS command injection vulnerability in QNAP VioStor network video recorder (NVR) devices. This vulnerability has been publicly reported to be leveraged during the InfectedSlurs campaign to install a Mirai malware variant with the intention of creating a distributed denial-of-service (DDoS) botnet with these infected devices.
References
|