This security advisory describes one critical risk vulnerability.
CVSSv3.1: 9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:U/RC:C] [PCI]
Exploit availability: NoDescription
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within DLNA server. A remote non-authenticated attacker can connect to the DLNA server on port 8200/tcp and use a specially crafted request to create arbitrary files on the system. The vulnerability can lead to remote code execution.Mitigation
It is unclear, if the vulnerability was fixed in the latest release of QNAP QTS 184.108.40.2060 Build 20210322, therefore treating it for the moment as unpatched.Vulnerable software versions
QNAP QTS: 4.3.6.0805 20181228, 4.3.6.0895 20190328, 4.3.6.0907 20190409, 4.3.6.0923 20190425, 4.3.6.0944 20190516, 4.3.6.0959 20190531, 4.3.6.0979 20190620, 4.3.6.0993 20190704, 220.127.116.113 20190724, 18.104.22.1683 20190813, 22.214.171.1240 20190919, 126.96.36.1994 20191212, 188.8.131.528 20200214, 184.108.40.2063 20200330, 220.127.116.116 20200422, 18.104.22.1683 20200608, 22.214.171.1241 20200825, 126.96.36.1996 20200929CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.