Security News > 2024 > May > QNAP QTS zero-day in Share feature gets public RCE exploit
The above bugs impact QTS, the NAS operating system on QNAP devices, QuTScloud, the VM-optimized version of QTS, and QTS hero, a specialized version focused on high performance.
QNAP has addressed CVE-2023-50361 through CVE-2023-50364 in a security update released in April 2024, in versions QTS 5.1.6.2722 build 20240402 and later, and QuTS hero h5.1.6.2734 build 20240414 and later.
To exploit CVE-2024-27130, the attacker needs a valid 'ssid' parameter, which is generated when a NAS user shares a file from their QNAP device.
WatchTowr published an exploit on GitHub, in which they demonstrate how to craft a payload that creates a 'watchtowr' account to a QNAP device and adds them to the sudoers for elevated privileges.
Exploit released for Fortinet RCE bug used in attacks, patch now.
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.
News URL
Related news
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- ⚡ THN Weekly Recap: iOS Zero-Days, 4Chan Breach, NTLM Exploits, WhatsApp Spyware & More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-21 | CVE-2024-27130 | Unspecified vulnerability in Qnap QTS and Quts Hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 8.8 |
| 2024-04-26 | CVE-2023-50364 | Unspecified vulnerability in Qnap QTS and Quts Hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 8.8 |
| 2024-04-26 | CVE-2023-50361 | Unspecified vulnerability in Qnap QTS and Quts Hero A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. | 8.8 |