Security News > 2024 > May > 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
Researchers have found 15 vulnerabilities in QNAP's network attached storage devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability that may be leveraged for remote code execution.
"Given the shared-access model of the NAS device, which permits sharing files with specific users, both authenticated and unauthenticated bugs were of interest to us," they said.
A requirement for a successful attack is knowing the correct ssid parameter to use, and the researchers have figured out how to get it: it can be extracted from a link generated when a NAS user shares a file with a user who doesn't have a NAS account.
"While this limits the usefulness of the bug a little - true unauthenticated bugs are much more fun! - it's a completely realistic attack scenario that a NAS user has shared a file with an untrusted user," they noted.
QNAP NAS devices are popular with small-and-medium sized business, enterprises, as well as ransomware gangs.
The researchers reported the vulnerabilities to QNAP in December 2023 and January 2024, and QNAP has finally begun releasing fixes in April 2024.
News URL
https://www.helpnetsecurity.com/2024/05/21/cve-2024-27130-poc/
Related news
- F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026) (source)
- PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) (source)
- QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances (source)
- PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) (source)
- High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) (source)
- PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) (source)