Date published: 2017-09-14T11:29:00.263-04:00
Date last modified: 2017-09-26T13:26:40.067-04:00
CVSS Score: 7.5
Principal attack vector: NETWORK
Reference URL: https://www.qnap.com/zh-hk/releasenotes/
Summary: QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.