KEVIntel

Vulnerability detail

Enriched intelligence for a single CVE

Back to KEVs

8.0

CVSS
High

CVE-2023-47565

PUBLISHED

Legacy VioStor NVR

Exploited in the wild Low complexity No user interaction

Vendor: QNAP Systems Inc.
Product: VioStor NVR
Published: Dec 08, 2023
EPSS: —

Description

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0 and later

windows ios cisa nessus_scanner

CVSS scores

CVSS v3.1 8.0 High

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation status

Exploited in the wild

Recorded 2023-12-21 00:00:00 UTC · Source

SSVC decision points

Exploitation: active
Automatable: No
Technical impact: total

References

https://www.qnap.com/en/security-advisory/qsa-23-48

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source	Added
CISA	Dec 21, 2023

Scanner integrations

Scanner	Reference	Detected
Nessus	https://www.tenable.com/plugins/nessus/189226	Jun 02, 2025

Timeline

CVE ID Reserved

November 06, 2023
CVE Published to Public

December 08, 2023
Added to KEVIntel

December 21, 2023
Detected by Nessus

June 02, 2025