Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Active Exploitation of Zero-Day Vulnerability in QNAP VioStor Network Video Recorder (NVR)
Alerts

Active Exploitation of Zero-Day Vulnerability in QNAP VioStor Network Video Recorder (NVR)

18 December 2023

QNAP has released security updates to address a zero-day vulnerability (CVE-2023-47565) in their NVR products. The vulnerability is reportedly being actively exploited.

Successful exploitation of the OS command injection vulnerability could allow an authenticated attacker to execute commands via a network.

This vulnerability affects legacy QNAP VioStor NVR products running QVR firmware 4.x.

Users and administrators of the affected products are advised to update to the latest version immediately.

More information is available here:

https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days

https://www.qnap.com/en/security-advisory/qsa-23-48

https://nvd.nist.gov/vuln/detail/CVE-2023-47565

Back to top