SSD Advisory – QNAP QTS5 – /usr/lib/libqcloud.so JSON parsing leads to RCE


Summary QTS’s JSON parsing functionality is vulnerable to type confusion due to a failure to properly check the type of the json-object->data field. The bug allows an attacker to hijack control flow, and is accessible via the /cgi-bin/qid/qidRequestV2.cgi binary. Successful exploitation would allow an unauthenticated attacker to execute arbitrary code as the admin user (equivalent … SSD Advisory – QNAP QTS5 – /usr/lib/libqcloud.so JSON parsing leads to RCE Read More »

Source

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *