EIP-2026-101068

PRE-CVE

QNAP NVR/NAS Devices - Buffer Overflow (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101068. PoCs published by bashis.

AI-analyzed exploit summary This exploit demonstrates multiple memory corruption vulnerabilities in QNAP and Fujitsu NAS devices, including heap and stack overflows, leading to potential remote code execution or information leakage. The PoC combines heap overflows with stack manipulation to bypass protections and read sensitive data like shadow passwords.

Description

QNAP NVR/NAS Devices - Buffer Overflow (PoC)

Exploits (1)

exploitdb WORKING POC

by bashis · textdoshardware

https://www.exploit-db.com/exploits/41219

View Code ZIP pw:eip

This exploit demonstrates multiple memory corruption vulnerabilities in QNAP and Fujitsu NAS devices, including heap and stack overflows, leading to potential remote code execution or information leakage. The PoC combines heap overflows with stack manipulation to bypass protections and read sensitive data like shadow passwords.

Classification

Working Poc 95%

Attack Type

Rce | Info Leak

Complexity

Complex

Reliability

Reliable

Target: QNAP VioStor NVR (QVR 5.1.x), QNAP NAS (QTS < 4.2.3), Fujitsu Celvin NAS (< 4.2.3)

No auth needed

Prerequisites: Network access to the target device · Vulnerable firmware version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026