CVE-2023-30801

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Oct 10, 2023

Updated: Nov 30, 2023

CWE ID 1392

CWE ID 798

Summary

CVE-2023-30801 is a vulnerability affecting all versions of qBittorrent through 4.5.5. When the web user interface is enabled, the software uses default credentials for authentication, which are not forced to be changed by the administrator. This issue, which has not been addressed in version 4.5.5, allows remote attackers to authenticate and execute arbitrary operating system commands through the "external program" feature in the web user interface. This vulnerability was reportedly exploited in the wild in March 2023.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Qbittorrent

Affected Vendors

Qbittorrent

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/soK1o6
https://www.cve.org/CVERecord?id=CVE-2023-30801
https://nvd.nist.gov/vuln/detail/CVE-2023-30801

Back to Vulnerability Database