CVE-2018-0709

HIGH

Qnap Q'center < 1.7.1063 - OS Command Injection

Title source: rule

Description

Command injection vulnerability in date of QNAP Q'center Virtual Appliance version 1.7.1063 and earlier could allow authenticated users to run arbitrary commands.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Core Security · textwebappshardware

https://www.exploit-db.com/exploits/45015

View Code ZIP pw:eip

References (6)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/148515/QNAP-Qcenter-Virtual-Appliance-1.6.x-Information-Disclosure-Command-Injection.html

[Exploit, Mailing List, Third Party Advisory] http://seclists.org/fulldisclosure/2018/Jul/45

[Exploit, Third Party Advisory] https://www.coresecurity.com/advisories/qnap-qcenter-virtual-appliance-multiple-vulnerabilities

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/45015/

[Vendor Advisory] https://www.qnap.com/zh-tw/security-advisory/nas-201807-10

[Exploit, Third Party Advisory, VDB Entry] https://www.securityfocus.com/archive/1/542141/100/0/threaded

Scores

CVSS v3 8.8

EPSS 0.3456

EPSS Percentile 96.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-78

Status published

Affected Products (1)

qnap/q\'center < 1.7.1063

Timeline

Published Jul 17, 2018

Tracked Since Feb 18, 2026