Lucene search
Tri and Bien Pham (@bienpnn) from Team Orca of Sea SecurityZDI-24-474HistoryMay 19, 2024 - 12:00 a.m.
(Pwn2Own) QNAP TS-464 Exposed Dangerous Method Privilege Escalation Vulnerability
2024-05-1900:00:00
Tri and Bien Pham (@bienpnn) from Team Orca of Sea Security
www.zerodayinitiative.com
10
pwn2own
qnap
ts-464
exposed dangerous method
privilege escalation
vulnerability
authentication
privwizard.cgi
arbitrary code
root
This vulnerability allows remote attackers to escalate privileges on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the privWizard.cgi endpoint. The issue results from an exposed dangerous method. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
Related
zdi
zdi
vulnrichment
vulnrichment
CVE-2024-32766 QTS, QuTS hero, QuTScloud
2024-04-26 15:00:43
cvelist
cvelist
CVE-2024-32766 QTS, QuTS hero, QuTScloud
2024-04-26 15:00:43
nvd
nvd
CVE-2024-32766
2024-04-26 15:15:48
cve
cve
CVE-2024-32766
2024-04-26 15:15:48