Improper access control in QNAP QTS - #VU51880
Published: April 2, 2021
Vulnerability identifier: #VU51880
CSH Severity: Critical
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
QNAP QTS
QNAP QTS
Software vendor:
QNAP Systems, Inc.
QNAP Systems, Inc.
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within DLNA server. A remote non-authenticated attacker can connect to the DLNA server on port 8200/tcp and use a specially crafted request to create arbitrary files on the system. The vulnerability can lead to remote code execution.
Remediation
It is unclear, if the vulnerability was fixed in the latest release of
QNAP QTS 4.3.6.1620 Build 20210322, therefore treating it for the moment
as unpatched.