CVE-2023-47565

8.0 HIGH

📋 TL;DR

An OS command injection vulnerability in legacy QNAP VioStor NVR models allows authenticated users to execute arbitrary commands on the system via network requests. This affects QVR Firmware 4.x versions, potentially enabling attackers to gain full control of affected devices.

💻 Affected Systems

Products:
  • QNAP VioStor NVR models
Versions: QVR Firmware 4.x
Operating Systems: QTS-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects legacy VioStor models, not newer QVR Pro systems. Requires authenticated access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise allowing attackers to execute arbitrary commands, install malware, pivot to other network devices, or disrupt surveillance operations.

🟠 Likely Case

Attackers gaining shell access to the NVR system, potentially accessing surveillance footage, modifying recordings, or using the device as a foothold for further network attacks.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent unauthorized users from reaching the vulnerable interface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CISA has added this to their Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QVR Firmware 5.0.0 and later

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-23-48

Restart Required: Yes

Instructions:

1. Log in to the QNAP QTS interface.
2. Navigate to App Center.
3. Check for QVR Firmware updates.
4. Install version 5.0.0 or later.
5. Reboot the device after installation.

🔧 Temporary Workarounds

Network Segmentation

Isolate VioStor NVR devices from the internet and restrict access to authorized management networks only.

Access Control Hardening

Implement strict authentication policies, use strong unique passwords, and limit administrative accounts.

🧯 If You Can't Patch

  • Immediately disconnect affected devices from internet access
  • Implement strict network segmentation and firewall rules to limit access to only trusted management IPs

🔍 How to Verify

Check if Vulnerable:

Check QVR Firmware version in QTS App Center or via SSH command: cat /etc/config/uLinux.conf | grep qvr_version

Check Version:

cat /etc/config/uLinux.conf | grep qvr_version

Verify Fix Applied:

Verify firmware version is 5.0.0 or higher using the same command and check that no suspicious processes are running.
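
The version check above as a script for auditing saved copies of the config file (an added example, not QNAP's or this page's own code). It assumes the value is stored as an INI-style "qvr_version = X.Y.Z" line, which the page does not show; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the config stores the version as "qvr_version = X.Y.Z".
FIXED_VERSION="5.0.0"   # first fixed release named in the Official Fix section

# Print the value of the first qvr_version key in file $1 (empty if absent).
qvr_version_of() {
    sed -n 's/^[[:space:]]*qvr_version[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
        "$1" 2>/dev/null | head -n 1
}

# Return 0 if dotted version $1 >= $2, comparing numeric fields left to right
# (so 4.10 sorts after 4.9, which a plain string comparison gets wrong).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        x=${x%%[!0-9]*}; y=${y%%[!0-9]*}      # drop non-numeric suffixes
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 0
}

# Print "PATCHED <v>", "VULNERABLE <v>" or "UNKNOWN" for the config file $1.
# UNKNOWN (key missing or file unreadable) should be treated as unverified.
qvr_status() {
    v=$(qvr_version_of "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo "PATCHED $v"
    else
        echo "VULNERABLE $v"
    fi
}

# Constructed sample input, not taken from a real device.
sample=$(mktemp)
printf '[System]\nqvr_version = 4.1.2\n' > "$sample"
qvr_status "$sample"
rm -f "$sample"
```
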

📡 Detection & Monitoring

Log Indicators:

  • Unusual command execution in system logs
  • Multiple failed authentication attempts followed by successful login
  • Suspicious process creation from web services

Network Indicators:

  • Unusual outbound connections from NVR device
  • Traffic to known malicious IPs
  • Unexpected SSH or reverse shell connections

SIEM Query:

source="qnap_logs" AND (((process="bash" OR process="sh") AND user="httpd") OR event="command_injection")
