Vulnerability identifier: #VU28777
Vulnerability risk: Low
CVSSv3.1: 6.9 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-77
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
QNAP QTS
Server applications /
File servers (FTP/HTTP)
Vendor: QNAP Systems, Inc.
Description
The vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to insufficient input validation in username on proper authentication after account creation. A remote administrator can create users with usernames containing bash syntax that evaluates code and execute arbitrary commands on the system.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
QNAP QTS: 4.4.1.0948 20190527 - 4.4.1.1201 20200130
External links
http://www.qnap.com/en/release-notes/qts/4.4.1.1216/20200214
http://blog.securityevaluators.com/multiple-vulnerabilities-discovered-in-qnap-nass-303b720d487b
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.