#VU51880 Improper access control in QNAP QTS

Cybersecurity Help s.r.o.

Published: 2021-04-02

Vulnerability identifier: #VU51880

Vulnerability risk: Critical

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]

CVE-ID: N/A

CWE-ID: CWE-284

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
QNAP QTS
Server applications / File servers (FTP/HTTP)

Vendor: QNAP Systems, Inc.

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within DLNA server. A remote non-authenticated attacker can connect to the DLNA server on port 8200/tcp and use a specially crafted request to create arbitrary files on the system. The vulnerability can lead to remote code execution.

Mitigation
It is unclear, if the vulnerability was fixed in the latest release of QNAP QTS 4.3.6.1620 Build 20210322, therefore treating it for the moment as unpatched.

Vulnerable software versions

QNAP QTS: 4.3.6.0805 20181228 - 4.3.6.1446 20200929

External links
https://securingsam.com/new-vulnerabilities-allow-complete-takeover/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Security restrictions bypass in QNAP QTS