Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6359OS Command Injection in Qnap QTS

CWE-78OS Command Injection4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
61.4%
top 1.67%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Qnap QTS
Timeline
PublishedMar 23
Latest updateMay 13

Description

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

NVDqnap/qts4.2.4

🔴Vulnerability Details

2
GHSA
GHSA-mwh6-c243-9pv7: QNAP QTS before 42022-05-13
CVEList
CVE-2017-6359: QNAP QTS before 42017-03-23

💥Exploits & PoCs

1
Exploit-DB
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection2017-04-07
CVE-2017-6359 — OS Command Injection in Qnap QTS | cvebase