πŸ” CVE Alert

CVE-2023-47565

HIGH 8.0 ⚠️ CISA KEV

Legacy VioStor NVR

CVSS Score
8.0
EPSS Score
0.0%
EPSS Percentile
0th

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QVR Firmware 5.0.0Β and later

CWE CWE-78
Vendor qnap systems inc.
Product viostor nvr
Published Dec 8, 2023
Last Updated Oct 21, 2025
⚠️ Actively Exploited β€” Act Now

Get instant alerts for qnap systems inc. viostor nvr

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2023-47565.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

QNAP Systems Inc. / VioStor NVR
4.x < 5.0.0

References

NVD β†— CVE.org β†— EPSS Data β†—
qnap.com: https://www.qnap.com/en/security-advisory/qsa-23-48 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-47565

Credits

Chad Seaman and Larry Cashdollar of Akamai Technologies reported this vulnerability to CISA