CVE-2017-5227

HIGH

QNAP QTS < 4.2.4 - Unauthenticated Sensitive Information Exposure via uLinux.conf

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-5227. PoCs published by Pasquale Fiorillo.

AI-analyzed exploit summary The writeup describes a privilege escalation vulnerability in QNAP QTS where a world-readable configuration file exposes weakly encrypted Microsoft Domain Administrator credentials. The exploit involves decoding a XOR-encrypted password stored in the file.

Description

QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Pasquale Fiorillo · textlocalhardware
https://www.exploit-db.com/exploits/41745

The writeup describes a privilege escalation vulnerability in QNAP QTS where a world-readable configuration file exposes weakly encrypted Microsoft Domain Administrator credentials. The exploit involves decoding a XOR-encrypted password stored in the file.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: QNAP QTS < 4.2.4
Auth required
Prerequisites: Local access to the QNAP device · NAS joined to a Microsoft Active Directory domain
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97056
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/97072
Mitigation, Vendor Advisory x_refsource_confirm
https://www.qnap.com/en/support/con_show.php?cid=113
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1038091
Release Notes, Vendor Advisory x_refsource_confirm
https://www.qnap.com/en-us/releasenotes/
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41745/
Third Party Advisory x_refsource_misc
http://www.ush.it/team/ush/hack-qnap/qnap.txt

Scores

CVSS v3 7.5
EPSS 0.0644
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
qnap/qts < 4.2.4
Published Mar 23, 2017
Tracked Since Feb 18, 2026