CVE-2019-7181

HIGH

myQNAPcloud Connect <1.3.3.0925 - Buffer Overflow

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-7181. PoCs published by Dino Covotsos.

AI-analyzed exploit summary This exploit generates a buffer overflow payload to trigger a denial-of-service (DoS) condition in QNAP myQNAPcloud Connect by pasting a large string into the username/password field. The vulnerability affects versions 1.3.4.0317 and below.

Description

Buffer Overflow vulnerability in myQNAPcloud Connect 1.3.3.0925 and earlier could allow remote attackers to crash the program.

Exploits (1)

exploitdb WORKING POC

by Dino Covotsos · pythondoshardware

https://www.exploit-db.com/exploits/46733

View Code ZIP pw:eip

This exploit generates a buffer overflow payload to trigger a denial-of-service (DoS) condition in QNAP myQNAPcloud Connect by pasting a large string into the username/password field. The vulnerability affects versions 1.3.4.0317 and below.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: QNAP myQNAPcloud Connect 1.3.4.0317 and below

No auth needed

Prerequisites: Access to the QNAP myQNAPcloud Connect application interface

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/152570/QNAP-myQNAPcloud-Connect-1.3.4.0317-Username-Password-Denial-Of-Service.html

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/46733/

Vendor Advisory x_refsource_confirm

https://www.qnap.com/zh-tw/security-advisory/nas-201905-09

Scores

CVSS v3 7.5

EPSS 0.0980

EPSS Percentile 94.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (1)

qnap/myqnapcloud < 1.3.3.0925

Published May 09, 2019

Tracked Since Feb 18, 2026