Lucene search
Thalium teamZDI-24-476HistoryMay 19, 2024 - 12:00 a.m.
(Pwn2Own) QNAP TS-464 HLS_tmp Directory Traversal Arbitrary File Creation Vulnerability
2024-05-1900:00:00
Thalium team
www.zerodayinitiative.com
15
remote attackers
qnap ts-464
arbitrary code execution
authentication bypass
directory traversal
file creation
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HLS_tmp parameter provided to the share.cgi endpoint. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to create or modify files in the context of admin.
Related
cvelist
cvelist
CVE-2023-51365 QTS, QuTS hero, QuTScloud
2024-04-26 15:01:04
cve
cve
CVE-2023-51365
2024-04-26 15:15:48
nvd
nvd
CVE-2023-51365
2024-04-26 15:15:48
openvas
openvas
QNAP QTS Multiple Path Traversal Vulnerabilities (QSA-24-14)
2024-04-29 00:00:00
QNAP QuTS hero Multiple Path Traversal Vulnerabilities (QSA-24-14)
2024-04-29 00:00:00
QNAP QuTScloud Multiple Vulnerabilities (qsa-24-14 & qsa-24-16)
2024-04-29 00:00:00