Multiple remote code execution vulnerabilities in QNAP QTS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2017-17027 CVE-2017-17028 CVE-2017-17029 CVE-2017-17030 CVE-2017-17031 CVE-2017-17032 CVE-2017-17033 |
| CWE-ID | CWE-119 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
QNAP QTS Server applications / File servers (FTP/HTTP) |
| Vendor | QNAP Systems, Inc. |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Buffer overflow
EUVDB-ID: #VU9674
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-17027
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can trigger memory corruption and execute arbitrary code on NAS devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.2.6 build 20171208, 4.3.3.0396 build 20171205, 4.3.4.0411 (Beta 3) build 20171208.
QNAP QTS: 4.2.6 20170517 - 4.3.4.0387 Beta 2 20171116
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20171026:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.4.0387:Beta_2_20171116:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/nas-201712-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU9675
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-17028
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can trigger memory corruption and execute arbitrary code on NAS devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.2.6 build 20171208, 4.3.3.0396 build 20171205, 4.3.4.0411 (Beta 3) build 20171208.
QNAP QTS: 4.2.6 20170517 - 4.3.4.0387 Beta 2 20171116
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20171026:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.4.0387:Beta_2_20171116:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/nas-201712-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU9676
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-17029
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can trigger memory corruption and execute arbitrary code on NAS devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.2.6 build 20171208, 4.3.3.0396 build 20171205, 4.3.4.0411 (Beta 3) build 20171208.
QNAP QTS: 4.2.6 20170517 - 4.3.4.0387 Beta 2 20171116
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20171026:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.4.0387:Beta_2_20171116:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/nas-201712-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU9677
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-17030
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can trigger memory corruption and execute arbitrary code on NAS devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.2.6 build 20171208, 4.3.3.0396 build 20171205, 4.3.4.0411 (Beta 3) build 20171208.
QNAP QTS: 4.2.6 20170517 - 4.3.4.0387 Beta 2 20171116
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20171026:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.4.0387:Beta_2_20171116:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/nas-201712-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU9678
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-17031
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can trigger memory corruption and execute arbitrary code on NAS devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.2.6 build 20171208, 4.3.3.0396 build 20171205, 4.3.4.0411 (Beta 3) build 20171208.
QNAP QTS: 4.2.6 20170517 - 4.3.4.0387 Beta 2 20171116
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20171026:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.4.0387:Beta_2_20171116:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/nas-201712-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU9679
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-17032
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can trigger memory corruption and execute arbitrary code on NAS devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.2.6 build 20171208, 4.3.3.0396 build 20171205, 4.3.4.0411 (Beta 3) build 20171208.
QNAP QTS: 4.2.6 20170517 - 4.3.4.0387 Beta 2 20171116
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20171026:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.4.0387:Beta_2_20171116:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/nas-201712-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Buffer overflow
EUVDB-ID: #VU9680
Risk: High
CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2017-17033
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error. A remote unauthenticated attacker can trigger memory corruption and execute arbitrary code on NAS devices.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 4.2.6 build 20171208, 4.3.3.0396 build 20171205, 4.3.4.0411 (Beta 3) build 20171208.
QNAP QTS: 4.2.6 20170517 - 4.3.4.0387 Beta 2 20171116
CPE2.3- cpe:2.3:a:qnap_systems:qnap_qts:4.2.6:20171026:*:*:*:*:*:*
- cpe:2.3:a:qnap_systems:qnap_qts:4.3.4.0387:Beta_2_20171116:*:*:*:*:*:*
https://www.qnap.com/en/security-advisory/nas-201712-15
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
