CVE-2023-47568

8.8 HIGH

SQL Injection

📋 TL;DR

This SQL injection vulnerability in QNAP operating systems allows authenticated users to execute arbitrary SQL commands via network requests. It affects multiple QNAP OS versions and could lead to data theft, system compromise, or lateral movement within the network.

💻 Affected Systems

Products:

QTS
QuTS hero
QuTScloud

Versions: All versions before the fixed versions listed in the advisory

Operating Systems: QNAP operating systems

Default Config Vulnerable: ⚠️ Yes

Notes: Requires authenticated access, but many QNAP devices have default or weak credentials.

📦 What is this software?

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Qts by Qnap

View all CVEs affecting Qts →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Quts Hero by Qnap

View all CVEs affecting Quts Hero →

Qutscloud by Qnap

View all CVEs affecting Qutscloud →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data exfiltration, ransomware deployment, or complete control of the QNAP device and connected systems.

🟠

Likely Case

Data theft, privilege escalation, or unauthorized access to sensitive information stored on the QNAP device.

🟢

If Mitigated

Limited impact if proper network segmentation, authentication controls, and input validation are in place.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: LOW

SQL injection vulnerabilities are commonly exploited once details become public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: QTS 5.1.5.2645, QTS 4.5.4.2627, QuTS hero h5.1.5.2647, QuTS hero h4.5.4.2626, QuTScloud c5.1.5.2651

Vendor Advisory: https://www.qnap.com/en/security-advisory/qsa-24-05

Restart Required: Yes

Instructions:

1. Log into QNAP web interface. 2. Go to Control Panel > System > Firmware Update. 3. Check for updates and install the latest version. 4. Reboot the device after update completes.

🔧 Temporary Workarounds

Network Segmentation

all

Restrict network access to QNAP devices to only trusted internal networks.

Strong Authentication

all

Enforce strong passwords and multi-factor authentication for all QNAP user accounts.

🧯 If You Can't Patch

Implement strict network access controls to limit who can reach the QNAP device
Monitor for unusual SQL queries or authentication attempts in system logs

🔍 How to Verify

Check if Vulnerable:

Check current QNAP OS version in Control Panel > System > Firmware Update

Check Version:

ssh admin@qnap-ip 'cat /etc/config/uLinux.conf | grep Version'

Verify Fix Applied:

Verify the installed version matches or exceeds the fixed versions listed in the advisory

📡 Detection & Monitoring

Log Indicators:

Unusual SQL query patterns in application logs
Multiple failed authentication attempts followed by successful login

Network Indicators:

Unusual outbound connections from QNAP device
SQL injection patterns in HTTP requests

SIEM Query:

source="qnap_logs" AND (event_type="sql_error" OR event_type="authentication_failure")

📊 Metadata

CVE ID: CVE-2023-47568

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-89

Published: February 2, 2024

Last Updated: November 21, 2024

🔗 References

https://www.qnap.com/en/security-advisory/qsa-24-05 Vendor Advisory
https://www.qnap.com/en/security-advisory/qsa-24-05 Vendor Advisory