4 matches found
Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17031)
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...
Pre-auth Remote Code Execution exploit for QNAP QTS
!/usr/bin/env python -- coding: iso-8859-15 -- Pre-auth Remote Code Execution exploit for QNAP QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 2017111 Just a quick dirty RCE PoC to make your QNAP sing "XMAS" in morse. Author: Andrea Palazzo @cogitoergor00t E-mail:...
CVE-2017-17031
CVE-2017-17031 affects QNAP QTS. A pre-auth, remote code execution flaw exists due to a stack-based buffer overflow in the change_password.cgi path, caused by improper handling of the OLD_PASSWORD parameter. Affected are QTS 4.2.6 (build 20171026), 4.3.3.0378 (build 20171117), 4.3.4.0387 Beta 2 (...
QNAP QTS < 4.2.6 build 20171208, 4.3.3.x < 4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities
QNAP QTS is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...