CVE-2017-5227
CVE-2017-5227
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
Affected products
n/a · n/apublic PoCs found — 2
cve_referencewww.exploit-db.com/exploits/41745/unverifiedexploitdbwww.exploit-db.com/exploits/41745unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://www.exploit-db.com/exploits/41745/https://www.qnap.com/en/support/con_show.php?cid=113https://www.qnap.com/en-us/releasenotes/http://www.securityfocus.com/bid/97056http://www.securityfocus.com/bid/97072http://www.securitytracker.com/id/1038091http://www.ush.it/team/ush/hack-qnap/qnap.txt