CVE-2018-0706

HIGH

QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure

Title source: llm

Description

Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/45043

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/45015

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Ivan Huertas, bcoles · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/qnap_qcenter_change_passwd_exec.rb

View Code ZIP pw:eip

References (7)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Jul/45

[Exploit, Third Party Advisory] https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45015/

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45043/

[Vendor Advisory] https://www.qnap.com/zh-tw/security-advisory/nas-201807-10

[Exploit, Third Party Advisory, VDB Entry] https://www.securityfocus.com/archive/1/542141/100/0/threaded

Scores

CVSS v3 8.8

EPSS 0.6070

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (1)

qnap/q\'center < 1.7.1063

Published Jul 17, 2018

Tracked Since Feb 18, 2026