EIP-2026-111621

PRE-CVE

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111621. PoCs published by Th3GundY.

AI-analyzed exploit summary This exploit targets QNAP QTS and Photo Station versions before 4.4.1 and 6.0.3 respectively, leveraging multiple CVEs to achieve remote command execution via file read vulnerabilities. It extracts sensitive files like /etc/passwd and /etc/shadow by manipulating album and access code parameters.

Description

QNAP QTS and Photo Station 6.0.3 - Remote Command Execution

Exploits (1)

exploitdb WORKING POC

by Th3GundY · pythonwebappsphp

https://www.exploit-db.com/exploits/48531

View Code ZIP pw:eip

This exploit targets QNAP QTS and Photo Station versions before 4.4.1 and 6.0.3 respectively, leveraging multiple CVEs to achieve remote command execution via file read vulnerabilities. It extracts sensitive files like /etc/passwd and /etc/shadow by manipulating album and access code parameters.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: QNAP QTS < 4.4.1, Photo Station < 6.0.3

No auth needed

Prerequisites: Network access to the target QNAP device · Photo Station service exposed

MITRE ATT&CK

T1083 - File and Directory Discovery T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026