4 matches found
Qnap QTS Improper Restriction of Operations within the Bounds of a Memory Buffer (CVE-2017-17033)
A buffer overflow vulnerability in password function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 Beta 2 build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices. This plugin only works with Tenable.ot. Please visit...
CVE-2017-17033
QNAP QTS CVE-2017-17033 is a stack-based buffer overflow in the password handling of QTS web interfaces (authLogin.cgi/sysinfoReq.cgi). The root cause is lack of bounds checking when the lang parameter is processed in handle_qpkg(), allowing an attacker to overflow a fixed-size stack buffer and e...
QNAP QTS Unauthenticated Remote Code Execution(CVE-2017-17033)
Vulnerability Summary The following advisory describes a memory corruption vulnerability that can lead to an unauthenticated remote code execution in QNAP QTS versions 4.3.x and 4.2.x, including the 4.3.3.0299. QNAP Systems, Inc. “specializes in providing networked solutions for file sharing,...
QNAP QTS < 4.2.6 build 20171208, 4.3.3.x < 4.3.3.0396 build 20171205, 4.3.4.x < 4.3.4.0411 build 20171208 Multiple Vulnerabilities
QNAP QTS is vulnerable to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...