Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-6360: OS Command Injection in QNAP QTS

Severity
9.8 CRITICAL (NVD)
EPSS
80.0%
top 0.89%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Mar 23
Latest update: May 13

Description

QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages: 1 package

NVD qnap/qts 4.2.4

🔴Vulnerability Details

3
GHSA
GHSA-7fw6-hwmp-q9v4: QNAP QTS before 4 | 2022-05-13
CVEList
CVE-2017-6360: QNAP QTS before 4 | 2017-03-23
VulnCheck
QNAP QTS Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 2017

💥Exploits & PoCs

1
Exploit-DB
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection | 2017-04-07