CVE-2017-13067CVE-2017-13067

Affected configuration(s):

cpe:/o:qnap:qts:4.2.6
cpe:/o:qnap:qts:4.3.3.0299

Date published: 2017-09-14T11:29:00.263-04:00

Date last modified: 2017-09-26T13:26:40.067-04:00

CVSS Score: 7.5

Principal attack vector: NETWORK

Complexity:  LOW

Reference URL: https://www.qnap.com/zh-hk/releasenotes/

Summary: QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.

CategoriesUncategorised

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.