CVE-2018-0707
CVE-2018-0707
Command injection vulnerability in change password of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
Affected products
QNAP · Q'center Virtual Appliancepublic PoCs found — 5
cve_referencepacketstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.htmlunverifiedcve_referencewww.exploit-db.com/exploits/45015/unverifiedcve_referencewww.exploit-db.com/exploits/45043/unverifiedexploitdbwww.exploit-db.com/exploits/45015unverifiedexploitdbwww.exploit-db.com/exploits/45043unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.htmlhttp://seclists.org/fulldisclosure/2018/Jul/45https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilitieshttps://www.exploit-db.com/exploits/45015/https://www.exploit-db.com/exploits/45043/https://www.qnap.com/zh-tw/security-advisory/nas-201807-10https://www.securityfocus.com/archive/1/542141/100/0/threaded