CVE-2018-0706

HIGH

QNAP Q'center Virtual Appliance <1.7.1063 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-0706. PoCs published by Metasploit, Core Security, Ivan Huertas, bcoles, including Metasploit module exploits/linux/http/qnap_qcenter_change_passwd_exec.

AI-analyzed exploit summary This Metasploit module exploits a command injection vulnerability (CVE-2018-0707) in QNAP Q'Center's `change_passwd` API, allowing authenticated users to execute arbitrary commands as the 'admin' OS user. It also leverages a separate password disclosure issue (CVE-2018-0706) to escalate privileges if non-admin credentials are provided.

Description

Exposure of Private Information in QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to access sensitive information.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotelinux

https://www.exploit-db.com/exploits/45043

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability (CVE-2018-0707) in QNAP Q'Center's `change_passwd` API, allowing authenticated users to execute arbitrary commands as the 'admin' OS user. It also leverages a separate password disclosure issue (CVE-2018-0706) to escalate privileges if non-admin credentials are provided.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: QNAP Q'Center virtual appliance versions prior to 1.7.1083

Auth required

Prerequisites: Network access to the Q'Center web interface (port 443) · Valid credentials for any user (or admin credentials directly) · Target running a vulnerable version of Q'Center

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/45015

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in QNAP Qcenter Virtual Appliance, including privilege escalation via API endpoint exposure of admin credentials and command injection in password change and network configuration functionalities.

Classification

Working Poc 100%

Attack Type

Rce | Lpe | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: QNAP Qcenter Virtual Appliance Version 1.6.1056 (20170825), 1.6.1075 (20171123)

Auth required

Prerequisites: Authenticated access to the Qcenter web console · Base64 encoding for password fields

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Ivan Huertas, bcoles · rubypoclinux

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/qnap_qcenter_change_passwd_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in QNAP Q'Center's `change_passwd` API, allowing authenticated users to execute arbitrary commands as the 'admin' user. It also leverages a separate password disclosure issue to escalate privileges if non-admin credentials are provided.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: QNAP Q'Center virtual appliance versions prior to 1.7.1083

Auth required

Prerequisites: Valid credentials for the 'admin' user account or any authenticated user to exploit the password disclosure issue

MITRE ATT&CK