Description
Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Core Security · textwebappshardware
https://www.exploit-db.com/exploits/45015
References (6)
Core 6
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/45015/
Exploit, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/Jul/45
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html
Vendor Advisory x_refsource_confirm
https://www.qnap.com/zh-tw/security-advisory/nas-201807-10
Exploit, Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
https://www.securityfocus.com/archive/1/542141/100/0/threaded
Scores
CVSS v3
8.8
EPSS
0.3456
EPSS Percentile
97.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-78
Status
published
Products (1)
qnap/q\'center
< 1.7.1063
Published
Jul 17, 2018
Tracked Since
Feb 18, 2026