5 matches found
The vulnerability in the get_file_size function of the share.cgi file on QTS, QuTS hero, and QuTScloud operating systems, as well as on Qnap network devices, allows a hacker to execute arbitrary code.
The vulnerability of the getfilesize function in the share.cgi file of QTS, QuTS, Hero, and QuTScloud operating systems, as well as QNAP network devices, is related to the possibility of buffer overflow based on a stack-based mechanism. Exploiting this vulnerability allows a remote attacker to...
PT-2023-9122 · Qnap · Qts +1
Name of the Vulnerable Software and Affected Versions: QTS versions prior to 5.1.7.2770 build 20240520 QuTS hero versions prior to h5.1.7.2770 build 20240520 Description: The issue is related to a buffer copy without checking the size of the input, which can lead to a stack overflow. This allows...
ASUSTOR ADM Information Disclosure Vulnerability (CNVD-2018-26926)
ASUSTOR ADM is an operating system from ASUSTOR dedicated to ASUSTOR NAS storage devices. An information disclosure vulnerability exists in the share.cgi file in ASUSTOR ADM version 3.1.1, which can be exploited by an attacker to obtain a key with the help of the 'encryptkey' URL parameter...
CVE-2018-12308
Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 allows attackers to obtain the encryption key via the "encryptkey" URL parameter...
CVE-2018-12308
ASUSTOR ADM 3.1.1 is affected by an information disclosure in share.cgi that allows an attacker to obtain the encryption key via the encrypt_key URL parameter. The root cause is a flaw in how share.cgi handles the key, enabling unauthorized access to the encryption key and potential compromise of...