CVE-2018-0708

HIGH

Qnap Q'center < 1.7.1063 - OS Command Injection

Title source: rule

Description

Command injection vulnerability in networking of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

Exploits (3)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/45015

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by ntkernel0 · poc

https://github.com/ntkernel0/CVE-2019-0708

View Code ZIP pw:eip

gitlab WORKING POC

by ntkernel · poc

https://gitlab.com/ntkernel/CVE-2019-0708

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Jul/45

[Exploit, Third Party Advisory] https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45015/

[Vendor Advisory] https://www.qnap.com/zh-tw/security-advisory/nas-201807-10

[Exploit, Third Party Advisory, VDB Entry] https://www.securityfocus.com/archive/1/542141/100/0/threaded

Scores

CVSS v3 8.8

EPSS 0.4728

EPSS Percentile 97.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-78

Status published

Products (1)

qnap/q\'center < 1.7.1063

Published Jul 17, 2018

Tracked Since Feb 18, 2026