4 matches found

Tenable Nessus
added 2024/10/16 12:0 a.m. | 11 views

Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17031)

A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...

CVSS 9.8 | AI score 9.2 | EPSS 0.03284
Exploits: 1 | References: 3

seebug.org
added 2017/12/26 12:0 a.m. | 927 views

Pre-auth Remote Code Execution exploit for QNAP QTS

!/usr/bin/env python -- coding: iso-8859-15 -- Pre-auth Remote Code Execution exploit for QNAP QTS 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 2017111 Just a quick dirty RCE PoC to make your QNAP sing "XMAS" in morse. Author: Andrea Palazzo @cogitoergor00t E-mail:...

CVSS 7.5 | EPSS 0.04439
Exploits: 2

CVE
added 2017/12/21 3:0 p.m. | 53 views

CVE-2017-17031

CVE-2017-17031 affects QNAP QTS. A pre-auth, remote code execution flaw exists due to a stack-based buffer overflow in the change_password.cgi path, caused by improper handling of the OLD_PASSWORD parameter. Affected are QTS 4.2.6 (build 20171026), 4.3.3.0378 (build 20171117), 4.3.4.0387 Beta 2 (...

CVSS 9.8 | AI score 9.9 | EPSS 0.03284
Exploits: 1 | References: 2 | Affected Software: 1

OpenVAS
added 2017/12/13 12:0 a.m. | 167 views

QNAP QTS < 4.2.6 build 20171208, 4.3.3.x < 4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities

QNAP QTS is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; if(description)...

CVSS 9.8 | AI score 8.4 | EPSS 0.21408
Exploits: 2 | References: 4