Security News > 2024 > May > QNAP QTS zero-day in Share feature gets public RCE exploit

QNAP QTS zero-day in Share feature gets public RCE exploit
2024-05-20 14:57

The above bugs impact QTS, the NAS operating system on QNAP devices, QuTScloud, the VM-optimized version of QTS, and QTS hero, a specialized version focused on high performance.

QNAP has addressed CVE-2023-50361 through CVE-2023-50364 in a security update released in April 2024, in versions QTS 5.1.6.2722 build 20240402 and later, and QuTS hero h5.1.6.2734 build 20240414 and later.

To exploit CVE-2024-27130, the attacker needs a valid 'ssid' parameter, which is generated when a NAS user shares a file from their QNAP device.

WatchTowr published an exploit on GitHub, in which they demonstrate how to craft a payload that creates a 'watchtowr' account to a QNAP device and adds them to the sudoers for elevated privileges.

Exploit released for Fortinet RCE bug used in attacks, patch now.

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers.


News URL

https://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-05-21 CVE-2024-27130 Unspecified vulnerability in Qnap QTS and Quts Hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap
8.8
2024-04-26 CVE-2023-50364 Unspecified vulnerability in Qnap QTS and Quts Hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap
8.8
2024-04-26 CVE-2023-50361 Unspecified vulnerability in Qnap QTS and Quts Hero
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap
8.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 79 4 95 122 76 297