CVE-2017-13067

CRITICAL

QNAP QTS < 4.2.6 - Remote Code Execution

Title source: rule

Description

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.

Exploits (1)

metasploit WORKING POC EXCELLENT
by Zenofex, 0x00string, bcoles · ruby · poc · linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/misc/qnap_transcode_server.rb

Scores

CVSS v3 9.8
EPSS 0.5107
EPSS Percentile 97.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Status published
Products (3)
qnap/qts 4.2.0 - 4.2.6
QNAP/QTS Media Library PRODUCT prior to 4.2.6 build 20170905
QNAP/QTS Media Library PRODUCT prior to 4.3.3.0299 build 20170901
Published Sep 14, 2017
Tracked Since Feb 18, 2026