Lucene search
LJP (@ljp_tw) and YingMuo (@YingMuo), working with DEVCORE Internship ProgramZDI-24-471HistoryMay 19, 2024 - 12:00 a.m.
(Pwn2Own) QNAP TS-464 authLogin SQL Injection Remote Code Execution Vulnerability
2024-05-1900:00:00
LJP (@ljp_tw) and YingMuo (@YingMuo), working with DEVCORE Internship Program
www.zerodayinitiative.com
15
pwn2own
qnap ts-464
sql injection
remote code execution
authentication bypass
authlogin endpoint
user-supplied string validation
root context
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the authLogin endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of root.
Related
cve
cve
CVE-2024-21901
2024-03-08 17:15:23
cvelist
cvelist
CVE-2024-21901 myQNAPcloud
2024-03-08 16:17:34
prion
prion
Sql injection
2024-03-08 17:15:00
vulnrichment
vulnrichment
CVE-2024-21901 myQNAPcloud
2024-03-08 16:17:34
nvd
nvd
CVE-2024-21901
2024-03-08 17:15:23
openvas
openvas
QNAP QTS Multiple Vulnerabilities (QSA-24-09)
2024-03-12 00:00:00
QNAP QuTScloud Multiple Vulnerabilities (QSA-24-09)
2024-03-12 00:00:00
QNAP QuTS hero Multiple Vulnerabilities (QSA-24-09)
2024-03-11 00:00:00