CVE-2017-13067

Summary

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.

Affected Software

VendorProductVersion RangeStatus
QNAPQTS Media Libary PRODUCTprior to 4.2.6 build 20170905affected
QNAPQTS Media Libary PRODUCTprior to 4.3.3.0299 build 20170901affected

Weaknesses

  • remote code execution

ADP Enrichment

CVE Program Container

Additional References

References