CVE-2018-0708

EPSS 26.3%

Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

Affected products

QNAP · Q'center Virtual Appliance

public PoCs found — 4

githubgithub.com/ntkernel0/CVE-2019-0708★ 1 cve_referencepacketstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.htmlunverified cve_referencewww.exploit-db.com/exploits/45015/unverified exploitdbwww.exploit-db.com/exploits/45015unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html http://seclists.org/fulldisclosure/2018/Jul/45 https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities https://www.exploit-db.com/exploits/45015/https://www.qnap.com/zh-tw/security-advisory/nas-201807-10 https://www.securityfocus.com/archive/1/542141/100/0/threaded