CVE-2024-27130

HIGH EXPLOITED

QNAP QTS and QuTS hero - Remote Code Execution via Stack-based Buffer Overflow

Title source: llm

Exploitation Summary

CVE-2024-27130 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including watchtowrlabs, d0rb, dkstar11q.

AI-analyzed exploit summary: This PoC exploits a stack overflow vulnerability (CVE-2024-27130) in QNAP devices to achieve remote code execution (RCE) by creating a new user with sudo privileges and enabling SSH access. The exploit leverages a buffer overflow in the filemanager/share.cgi endpoint to execute arbitrary commands.

Description

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.

We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later

Exploits (3)

nomisec WORKING POC 37 stars
by watchtowrlabs · remote
https://github.com/watchtowrlabs/CVE-2024-27130

This PoC exploits a stack overflow vulnerability (CVE-2024-27130) in QNAP devices to achieve remote code execution (RCE) by creating a new user with sudo privileges and enabling SSH access. The exploit leverages a buffer overflow in the filemanager/share.cgi endpoint to execute arbitrary commands.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: QNAP NAS devices (specific version not specified)
No auth needed
Prerequisites: Network access to the vulnerable QNAP device · Valid 'ssid' obtained from a NAS user sharing a file
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by d0rb · remote
https://github.com/d0rb/CVE-2024-27130

This repository contains a functional PoC for CVE-2024-27130, a buffer overflow vulnerability in QNAP QTS that allows remote command execution with root privileges. The exploit crafts a malicious payload to trigger a SIGSEGV and execute arbitrary commands, including creating a new user with sudo privileges.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: QNAP QTS (specific version not specified)
No auth needed
Prerequisites: Target QNAP device with vulnerable QTS version · Network access to the target device · SSID (Share ID) for exploitation
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by dkstar11q · poc
https://github.com/dkstar11q/cve-2024-27130-poc

This PoC exploits a stack-based buffer overflow in QNAP NAS devices via the `share.cgi` script's `No_Support_ACL` function, allowing unauthenticated remote code execution. It creates a backdoor user with sudo privileges and initiates an SSH session.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: QNAP QTS (versions before 5.1.7.2770 build 20240520)
No auth needed
Prerequisites: Target host address · Valid shared file SSID
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.2
EPSS 0.8116
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

VulnCheck KEV 2024-05-27
CWE CWE-121, CWE-120
Status published
Products (23)
qnap/qts 5.1.0.2348 build_20230325
qnap/qts 5.1.0.2399 build_20230515
qnap/qts 5.1.0.2418 build_20230603
qnap/qts 5.1.0.2444 build_20230629
qnap/qts 5.1.0.2466 build_20230721
qnap/qts 5.1.1.2491 build_20230815
qnap/qts 5.1.2.2533 build_20230926
qnap/qts 5.1.3.2578 build_20231110
qnap/qts 5.1.4.2596 build_20231128
qnap/qts 5.1.5.2645 build_20240116
... and 13 more
Published May 21, 2024
Tracked Since Feb 18, 2026