{"cve":{"cve_id":"CVE-2023-34971","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00094,"epss_percentile":0.0078,"epss_as_of":"2026-06-23","description":"An inadequate encryption strength vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows local network clients to decrypt the data using brute force attacks via unspecified vectors.\n\nWe have already fixed the vulnerability in the following versions:\nQTS 5.0.1.2425 build 20230609 and later\nQTS 5.1.0.2444 build 20230629 and later\nQTS 4.5.4.2467 build 20230718 and later\nQuTS hero h5.1.0.2424 build 20230609 and later\nQuTS hero h4.5.4.2476 build 20230728 and later\n","published_at":"2023-08-24T16:14:56.611000Z","last_modified_at":null,"cvss_v3_score":7.1,"cvss_v3_vector":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":"none","ssvc_automatable":false,"ssvc_technical_impact":"total","cwes":["CWE-326"],"nvd_references":["https://www.qnap.com/en/security-advisory/qsa-23-60"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-29T01:32:48.307488Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"A","value_label":"Adjacent"},{"metric":"AC","name":"Attack Complexity","value":"H","value_label":"High"},{"metric":"PR","name":"Privileges Required","value":"N","value_label":"None"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"qts","product_name":"QTS","version_start":"5.0.*","version_start_inclusive":true,"version_end":"5.0.1.2425 build 20230609","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:qts:5.0.*:5.0.1.2425 build 20230609"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"qts","product_name":"QTS","version_start":"5.1.*","version_start_inclusive":true,"version_end":"5.1.0.2444 build 20230629","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:qts:5.1.*:5.1.0.2444 build 20230629"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"qts","product_name":"QTS","version_start":"4.5.*","version_start_inclusive":true,"version_end":"4.5.4.2467 build 20230718","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:qts:4.5.*:4.5.4.2467 build 20230718"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"h5.1.*","version_start_inclusive":true,"version_end":"h5.1.0.2424 build 20230609","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:h5.1.*:h5.1.0.2424 build 20230609"},{"vendor_slug":"qnap-systems-inc.","vendor_name":"QNAP Systems Inc.","product_slug":"quts-hero","product_name":"QuTS hero","version_start":"h4.5.*","version_start_inclusive":true,"version_end":"h4.5.4.2476 build 20230728","version_end_inclusive":false,"cpe23_uri":"cve5:qnap-systems-inc.:quts-hero:h4.5.*:h4.5.4.2476 build 20230728"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.qnap.com/en/security-advisory/qsa-23-60","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2023-08-24T16:14:56.611000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:28:48.844579Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:28:48.844579Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:28:48.844579Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"ssvc_changed","at":"2026-06-29T01:32:48.307488Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:32:48.307488Z","label":"SSVC decision revised","source":"vulnrichment"},{"type":"ssvc_changed","at":"2026-06-29T01:32:48.307488Z","label":"SSVC decision revised","source":"vulnrichment"}]}