QNAP QTS 4.2.x XSS / Command Injection / Transport Issues

Posted by deepcore on February 18, 2017 – 8:03 pm

QNAP QTS firmware contain missing transport layer security, improper certificate validation, command injection, cross site scripting, and information disclosure vulnerabilities that can be exploited to gain remote command execution to the devices or to perform arbitrary administrative functions, and to gain unauthorized access to user’s myQNAPcloud credentials.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Arbitrary File Write dotCMS 3.6.1 Blind Boolean SQL Injection »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

QNAP QTS 4.2.x XSS / Command Injection / Transport Issues

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL