Main Vulnerability Database Vulnerabilities #VU16039

Buffer overflow in QNAP QTS - CVE-2018-14749

Published: November 23, 2018

Vulnerability identifier: #VU16039

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-14749

CWE-ID: CWE-120

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: QNAP Systems, Inc.

Affected software:
QNAP QTS

Detailed vulnerability description

The vulnerability allows a remote attacker to cause DoS condition or execute arbitrary code on the target system.

The vulnerability exists due to buffer overflow. A remote attacker can trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

How to mitigate CVE-2018-14749

The vulnerability has been fixed in the versions 4.3.5 build 20181110, 4.3.4 build 20181026, 4.3.3 build 20181029, 4.2.6 build 20181026.

Sources

https://www.qnap.com/en/security-advisory/nas-201811-22

Buffer overflow in QNAP QTS - CVE-2018-14749

Detailed vulnerability description

How to mitigate CVE-2018-14749

Sources

Please verify you're human