CVE-2023-47222 - Vulnerability Details - OpenCVE

An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Qnap	Media Streaming Add-on

Configuration 1 [-]

cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.qnap.com/en/security-advisory/qsa-24-15

History

Fri, 05 Dec 2025 21:30:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:2.3:a:qnap:media_streaming_add-on::::::::

MITRE

Status: PUBLISHED

Assigner: qnap

Published: 2024-04-26T15:01:27.370Z

Updated: 2024-08-02T21:01:22.689Z

Reserved: 2023-11-03T09:47:36.054Z

Link: CVE-2023-47222

Vulnrichment

Updated: 2024-04-29T19:32:49.046Z

NVD

Status : Analyzed

Published: 2024-04-26T15:15:46.870

Modified: 2025-12-05T21:26:21.367

Link: CVE-2023-47222

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47222", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-11-03T09:47:36.054Z", "datePublished": "2024-04-26T15:01:27.370Z", "dateUpdated": "2024-08-02T21:01:22.689Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Media Streaming add-on ", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "500.1.1.5 ( 2024/01/22 )", "status": "affected", "version": "500.1.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "YingMuo (@YingMuo), working with DEVCORE Internship Program"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.<br><br>We have already fixed the vulnerability in the following version:<br>Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later<br>"}], "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126"}]}, {"capecId": "CAPEC-497", "descriptions": [{"lang": "en", "value": "CAPEC-497"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}, {"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}, {"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-04-26T15:01:27.370Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-15"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later<br>"}], "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later\n"}], "source": {"advisory": "QSA-24-15", "discovery": "EXTERNAL"}, "title": "Media Streaming add-on", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-29T19:31:27.928889Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.0:*:*:*:*:*:*:*"], "vendor": "qnap", "product": "media_streaming_add-on", "versions": [{"status": "affected", "version": "500.1.x"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:26:32.940Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:01:22.689Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-15", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-47222", "assignerOrgId": "2fd009eb-170a-4625-932b-17a53af1051f", "state": "PUBLISHED", "assignerShortName": "qnap", "dateReserved": "2023-11-03T09:47:36.054Z", "datePublished": "2024-04-26T15:01:27.370Z", "dateUpdated": "2024-06-04T17:26:32.940Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Media Streaming add-on ", "vendor": "QNAP Systems Inc.", "versions": [{"lessThan": "500.1.1.5 ( 2024/01/22 )", "status": "affected", "version": "500.1.x", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "YingMuo (@YingMuo), working with DEVCORE Internship Program"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.<br><br>We have already fixed the vulnerability in the following version:<br>Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later<br>"}], "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later\n"}], "impacts": [{"capecId": "CAPEC-115", "descriptions": [{"lang": "en", "value": "CAPEC-115"}]}, {"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126"}]}, {"capecId": "CAPEC-497", "descriptions": [{"lang": "en", "value": "CAPEC-497"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200", "lang": "en", "type": "CWE"}, {"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}, {"cweId": "CWE-287", "description": "CWE-287", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "2fd009eb-170a-4625-932b-17a53af1051f", "shortName": "qnap", "dateUpdated": "2024-04-26T15:01:27.370Z"}, "references": [{"url": "https://www.qnap.com/en/security-advisory/qsa-24-15"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "We have already fixed the vulnerability in the following version:<br>Media Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later<br>"}], "value": "We have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later\n"}], "source": {"advisory": "QSA-24-15", "discovery": "EXTERNAL"}, "title": "Media Streaming add-on", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-47222", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-29T19:31:27.928889Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:qnap:media_streaming_add-on:500.0.0.0:*:*:*:*:*:*:*"], "vendor": "qnap", "product": "media_streaming_add-on", "versions": [{"status": "affected", "version": "500.1.x"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-29T19:32:49.046Z"}, "title": "CISA ADP Vulnrichment"}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qnap:media_streaming_add-on:*:*:*:*:*:*:*:*", "matchCriteriaId": "29AD5059-0F42-4E41-BB4E-84C1B8FC1A98", "versionEndExcluding": "500.1.1.5", "versionStartIncluding": "500.1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An exposure of sensitive information vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow users to compromise the security of the system via a network.\n\nWe have already fixed the vulnerability in the following version:\nMedia Streaming add-on 500.1.1.5 ( 2024/01/22 ) and later\n"}, {"lang": "es", "value": "Se ha informado que una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial afecta al complemento Media Streaming. Si se explota, la vulnerabilidad podr\u00eda permitir a los usuarios comprometer la seguridad del sistema a trav\u00e9s de una red. Ya hemos solucionado la vulnerabilidad en la siguiente versi\u00f3n: complemento Media Streaming 500.1.1.5 (2024/01/22) y posteriores"}], "id": "CVE-2023-47222", "lastModified": "2025-12-05T21:26:21.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "security@qnapsecurity.com.tw", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-04-26T15:15:46.870", "references": [{"source": "security@qnapsecurity.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.qnap.com/en/security-advisory/qsa-24-15"}], "sourceIdentifier": "security@qnapsecurity.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-200"}, {"lang": "en", "value": "CWE-287"}], "source": "security@qnapsecurity.com.tw", "type": "Secondary"}]}