What is the severity of CVE-2023-47565?

CVE-2023-47565 has a severity rating of HIGH with a CVSS base score of 8.

Is CVE-2023-47565 in CISA KEV?

Yes. CVE-2023-47565 is listed in the CISA Known Exploited Vulnerabilities (KEV) catalog. Organizations should prioritize remediation.

CVE-2023-47565 | Qnap - Command Injection

Q: What is CVE-2023-47565?

A high-severity OS command injection vulnerability affects legacy QNAP VioStor NVR models running QVR Firmware 4.x. Organizations must patch immediately to prevent exploitation.

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. This vulnerability has been assigned the identifier CVE-2023-47565 and is classified with a CVSS score of 8, indicating high severity.

The risk to organizations includes potential unauthorized command execution, which may lead to further compromise of the system. The vulnerability remains critical given the implications of such an exploit, emphasizing the need for immediate action.

Organizations should prioritize patching immediately. QNAP has already fixed the vulnerability in QVR Firmware 5.0.0 and later versions. It is essential for users of affected legacy models to upgrade to these versions to mitigate risk.

The vulnerability was published on December 8, 2023, and organizations must ensure they are not operating on outdated firmware to maintain security integrity.

Vulnerability Details

CVE-2023-47565 is characterized as an OS command injection vulnerability, classified under CWE-78. The vulnerability affects legacy QNAP VioStor NVR models running QVR Firmware versions 4.x. If exploited, it could enable authenticated users to execute arbitrary commands over the network.

The vulnerability has a CVSS score of 8, indicating high severity. The analysis reveals that it has a low attack complexity, requires low privileges, and does not necessitate user interaction. The potential impacts include high confidentiality, integrity, and availability effects.

QNAP has issued a security advisory (QSA-23-48) which can be accessed for more detailed mitigation instructions.

Technical Analysis

The root cause of CVE-2023-47565 lies in insufficient input validation allowing OS command injection. The attack vector is classified as adjacent network, which means it can be exploited by users on the same network segment.

The attack complexity is low, and it requires authenticated access, posing a significant risk for environments where users have legitimate access to the systems.

Confidentiality impact is high, as attackers may gain access to sensitive data through command execution. Integrity and availability impacts are also high, as unauthorized commands can modify or disrupt services.

Risk & Impact Analysis

Real-world deployment of legacy QNAP VioStor NVRs potentially exposes organizations to significant operational risk. The ability for authenticated users to execute arbitrary commands could lead to unauthorized access to sensitive information and disruption of services.

The blast radius for this vulnerability is substantial, as it affects multiple legacy models of the QNAP VioStor NVR. Organizations must assess their exposure and take immediate action to mitigate potential exploitation.

The urgency for remediation is critical, given the high CVSS score and the potential for known exploitation as indicated by its inclusion in the KEV catalog. Organizations should act swiftly to patch or upgrade their systems.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	Yes
Ransomware Use	No

Affected Versions

The vulnerability affects all versions of QVR Firmware 4.x. Organizations should upgrade to QVR Firmware 5.0.0 or later to mitigate the risk associated with this vulnerability.

Mitigation & Remediation

To secure systems against CVE-2023-47565, organizations must apply the latest firmware updates provided by QNAP. Specifically, upgrading to QVR Firmware 5.0.0 or later is essential to eliminate this vulnerability.

In the absence of immediate patching, organizations may consider implementing network segmentation to limit access to vulnerable systems. Monitoring for unusual command executions and setting up alerts could provide additional layers of defense.

Further details on the mitigation steps can be found in the QNAP security advisory. Organizations are encouraged to consult the advisory for comprehensive guidance.

In conclusion, addressing CVE-2023-47565 is crucial for maintaining a secure environment. Organizations must take proactive steps to mitigate risks and safeguard their systems.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2023-47565: High Vulnerability in QNAP VioStor NVR