EXPLOITDB-EDB-45015

EXPLOITDB text VERIFIED WORKING POC

Exploit for CVE-2018-0710 - Qnap Q'center < 1.7.1063 - OS Command Injection

AI Analysis

The exploit demonstrates multiple vulnerabilities in QNAP Qcenter Virtual Appliance, including privilege escalation via API endpoint exposure of admin credentials and command injection in password change and network configuration functionalities.

Attack Type

RCE | LPE | info_leak

Complexity

moderate

Reliability

reliable

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

Loading exploit code...

Download ZIP Password: eip

Source

Platform Exploitdb

Type webapps

Platform hardware

Language text

Files 1

https://www.exploit-db.com/exploits/45015

Authors

Core Security Ivan Huertas

Vulnerability

CVE-2018-0710

Qnap Q'center < 1.7.1063 - OS Command Injection

HIGH

CVSS 8.8