This exploit demonstrates multiple memory corruption vulnerabilities in QNAP and Fujitsu NAS devices, including heap and stack overflows, leading to potential remote code execution or information leakage. The PoC combines heap overflows with stack manipulation to bypass protections and read sensitive data like shadow passwords.
Classification
Working Poc 95%
Attack Type
Rce | Info Leak
Target:
QNAP VioStor NVR (QVR 5.1.x), QNAP NAS (QTS < 4.2.3), Fujitsu Celvin NAS (< 4.2.3)
No auth needed
Prerequisites:
Network access to the target device · Vulnerable firmware version