QNAP QTS 'sysinfoReq.cgi' Information Disclosure Vulnerability (Apr 2018)

QNAP QTS is prone to an information disclosure vulnerability. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

QNAP QTS sysinfoReq.cgi File Information Disclosure Vulnerability

QNAP QTS is a Turbo NAS operating system from QNAP Systems. The system provides file storage, management, backup, multimedia applications and security monitoring. A security vulnerability exists in QNAP QTS version 4.2.6 build 20171026 and earlier and 4.3.3 build 20170727 and earlier. A remote...

Design/Logic Flaw

QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information firmware version and running services via a request to sysinfoReq.cgi...

CVE-2017-7630

QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier allows remote attackers to obtain potentially sensitive information firmware version and running services via a request to sysinfoReq.cgi...

CVE-2017-7630

CVE-2017-7630 affects QNAP QTS 4.2.6 (build 20171026) and QTS 4.3.3 (build 20170727) and earlier. The vulnerability allows remote attackers to disclose potentially sensitive information by requesting sysinfoReq.cgi, specifically firmware version and running services. The connected sources confirm...

QNAP QTS Web sysinfoReq Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of QNAP QTS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the lang parameter provided to the sysinfoReq.cgi endpoint. The issue results...