Vulnerabilities > CVE-2018-0706 - Unspecified vulnerability in Qnap Q'Center
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 11 |
Exploit-Db
description QNAP Q'Center - change_passwd Command Execution (Metasploit). CVE-2018-0706,CVE-2018-0707. Remote exploit for Linux platform. Tags: Metasploit Framework (MSF... file exploits/linux/remote/45043.rb id EDB-ID:45043 last seen 2018-07-17 modified 2018-07-17 platform linux port 443 published 2018-07-17 reporter Exploit-DB source https://www.exploit-db.com/download/45043/ title QNAP Q'Center - change_passwd Command Execution (Metasploit) type remote description QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities. CVE-2018-0706,CVE-2018-0707,CVE-2018-0708,CVE-2018-0709,CVE-2018-0710. Webapps exploit for Hardwar... file exploits/hardware/webapps/45015.txt id EDB-ID:45015 last seen 2018-07-13 modified 2018-07-13 platform hardware port 443 published 2018-07-13 reporter Exploit-DB source https://www.exploit-db.com/download/45015/ title QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities type webapps
Metasploit
description | This module exploits a command injection vulnerability in the `change_passwd` API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin' operating system user. Valid credentials for the 'admin' user account are required, however, this module also exploits a separate password disclosure issue which allows any authenticated user to view the password set for the 'admin' user during first install. This module has been tested successfully on QNAP Q'Center appliance version 1.6.1075. |
id | MSF:EXPLOIT/LINUX/HTTP/QNAP_QCENTER_CHANGE_PASSWD_EXEC |
last seen | 2020-06-14 |
modified | 2019-01-10 |
published | 2018-07-12 |
references |
|
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/linux/http/qnap_qcenter_change_passwd_exec.rb |
title | QNAP Q'Center change_passwd Command Execution |
Packetstorm
data source https://packetstormsecurity.com/files/download/148579/qnap_qcenter_change_passwd_exec.rb.txt id PACKETSTORM:148579 last seen 2018-07-17 published 2018-07-17 reporter Ivan Huertas source https://packetstormsecurity.com/files/148579/QNAP-QCenter-change_passwd-Command-Execution.html title QNAP Q'Center change_passwd Command Execution data source https://packetstormsecurity.com/files/download/148515/CORE-2018-0006.txt id PACKETSTORM:148515 last seen 2018-07-13 published 2018-07-11 reporter Core Security Technologies source https://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html title QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection
References
- http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
- http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
- http://seclists.org/fulldisclosure/2018/Jul/45
- http://seclists.org/fulldisclosure/2018/Jul/45
- https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
- https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/45015/
- https://www.exploit-db.com/exploits/45015/
- https://www.exploit-db.com/exploits/45043/
- https://www.exploit-db.com/exploits/45043/
- https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
- https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
- https://www.securityfocus.com/archive/1/542141/100/0/threaded
- https://www.securityfocus.com/archive/1/542141/100/0/threaded