Login Sign Up

CVE-2023-23365

7.7 HIGH
Path Traversal

📋 TL;DR

This path traversal vulnerability in QNAP Music Station allows authenticated users to access files outside the intended directory by manipulating file paths. It affects users running vulnerable versions of Music Station, potentially exposing sensitive system files and data.

💻 Affected Systems

Products:
  • QNAP Music Station
Versions: Versions before 5.3.22
Operating Systems: QTS (QNAP Turbo NAS operating system)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects QNAP NAS devices running vulnerable Music Station versions. Requires authenticated access to exploit.

📦 What is this software?

Music Station by Qnap

View all CVEs affecting Music Station →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could read sensitive system files, configuration files, or user data, leading to complete system compromise or data exfiltration.

🟠

Likely Case

Authenticated users accessing files they shouldn't have permission to view, potentially exposing configuration files or other sensitive data.

🟢

If Mitigated

Limited file access within the intended directory structure with proper authentication and authorization controls.

🌐 Internet-Facing: HIGH if Music Station is exposed to the internet, as authenticated users could exploit it remotely.
🏢 Internal Only: MEDIUM as it still requires authenticated access but could be exploited by malicious insiders or compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Path traversal vulnerabilities typically have low exploitation complexity once authentication is bypassed or obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Music Station 5.3.22 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-23-28

Restart Required: Yes

Instructions:

1. Log into QNAP QTS web interface. 2. Go to App Center. 3. Check for updates for Music Station. 4. Update to version 5.3.22 or later. 5. Restart the Music Station service or the NAS device.

🔧 Temporary Workarounds

Disable Music Station

all

Temporarily disable Music Station until patching is possible

Log into QTS > App Center > Music Station > Stop/Disable

Restrict network access

all

Limit access to Music Station to trusted networks only

Configure firewall rules to restrict Music Station port access

🧯 If You Can't Patch

  • Implement strict access controls and monitor for suspicious file access patterns
  • Segment network to isolate Music Station from sensitive systems and data

🔍 How to Verify

Check if Vulnerable:

Check Music Station version in QTS App Center. If version is below 5.3.22, the system is vulnerable.

Check Version:

Check via QTS web interface: App Center > Music Station > Version

Verify Fix Applied:

Verify Music Station version is 5.3.22 or higher in App Center after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in Music Station logs
  • Multiple failed path traversal attempts
  • Access to files outside expected Music Station directories

Network Indicators:

  • Unusual HTTP requests with path traversal patterns (../ sequences)
  • Requests to unexpected file paths

SIEM Query:

source="music_station_logs" AND ("..\/" OR "%2e%2e%2f" OR path_traversal_patterns)

📊 Metadata

CVE ID: CVE-2023-23365
CVSS v3 Score: 7.7 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CWE: CWE-22
Published: October 6, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-23365, you might also want to check these:

CVE-2024-43955 10.0

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that...

Same vulnerability type (CWE-22)
CVE-2025-54261 10.0

This critical path traversal vulnerability in Adobe ColdFusion allows attackers to escape restricted...

Same vulnerability type (CWE-22)
CVE-2024-40628 10.0

This critical vulnerability in JumpServer allows attackers to read arbitrary files from the Celery c...

Same vulnerability type (CWE-22)