CVE-2017-6361
Published 2017-03-23
CVE-2017-6361: QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
Priority P186 · critical · 9.8 (CVSS 3.0)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Status: ITW · EXPLOIT · VulnCheck KEV · Exploited in the wild
EPSS: 56.85% (98.9th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | <= 4.2.4 | — |
Detection & IOCs
Command:
```
curl -ki "https://TARGET/cgi-bin/authLogin.cgi?reboot_notice_msg=$(printf 'QNAPVJBD%08d%16s 14`(echo;id)>&2`' $(expr $(date +%s) % 100000000) Disconnect|base64|tr -d '\r\n')"
```
- Detect HTTP GET requests to /cgi-bin/authLogin.cgi containing the 'reboot_notice_msg' parameter; the value is a base64-encoded string beginning with 'QNAPVJBD' which can carry an injected shell command payload.
- Detect HTTP GET requests to /cgi-bin/userConfig.cgi with func=cloudPersonalSmtp and a 'hash' parameter containing shell metacharacters (backticks, semicolons, pipe characters) indicative of command injection.
- Detect HTTP GET requests to /cgi-bin/filemanager/utilRequest.cgi with func=cancel_trash_recovery and a 'pid' parameter containing shell metacharacters, as the value is passed unsanitized to /bin/kill -9 %s via system().
- CVE-2017-6361 affects QNAP NAS devices; look for exploitation attempts against port 443 on NAS devices, consistent with top affected ports observed in IoT botnet scanning activity.
- Vulnerabilities were confirmed on QNAP TVS-663 firmware 4.2.2 Build 20161214 and 4.2.3 Build 20170213, and CVE-2017-6361 was also confirmed on QNAP HS-251+ running QTS 4.2.2 Build 20161028. All devices running QTS prior to 4.2.4 Build 20170313 are believed to be affected.
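The three request patterns in the detection notes above, expressed as an access-log classifier. This is an added example, not code from the cited sources; the combined-log line format, the function names and the extra `$(` pattern are assumptions, and the sample lines are constructed.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Metacharacters named in the detection notes, plus "$(" (an added assumption).
SHELL_META = re.compile(r"[`;|]|\$\(")
REQUEST = re.compile(r'"GET (\S+) HTTP/[\d.]+"')
# (path, func value, parameter to inspect), taken from the detection notes.
META_RULES = [
    ("/cgi-bin/userConfig.cgi", "cloudPersonalSmtp", "hash"),
    ("/cgi-bin/filemanager/utilRequest.cgi", "cancel_trash_recovery", "pid"),
]

def decodes_to_qnap_marker(value):
    """True if value is base64 whose decoded bytes start with b'QNAPVJBD'."""
    value = value.replace(" ", "+")      # parse_qs turns '+' into a space
    value += "=" * (-len(value) % 4)     # tolerate stripped padding
    try:
        return base64.b64decode(value).startswith(b"QNAPVJBD")
    except ValueError:                   # not base64 at all
        return False

def classify(line):
    """Return a rule label for one access-log line, or None if nothing matches."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query, keep_blank_values=True)
    if url.path == "/cgi-bin/authLogin.cgi" and "reboot_notice_msg" in params:
        marked = any(map(decodes_to_qnap_marker, params["reboot_notice_msg"]))
        return "authLogin reboot_notice_msg" + (" QNAPVJBD" if marked else "")
    for path, func, name in META_RULES:
        if url.path == path and func in params.get("func", []):
            if any(SHELL_META.search(v) for v in params.get(name, [])):
                return f"{func} {name} metacharacter"
    return None

def log_line(target):
    return f'192.0.2.10 - - [01/Jan/2024:00:00:01 +0000] "GET {target} HTTP/1.1" 200 64'

SAMPLE_B64 = base64.b64encode(b"QNAPVJBD00012345 constructed sample").decode()
SAMPLE_LOG = [  # constructed lines with harmless placeholder values
    log_line("/cgi-bin/authLogin.cgi?reboot_notice_msg=" + SAMPLE_B64),
    log_line("/cgi-bin/userConfig.cgi?func=cloudPersonalSmtp&hash=abc%3Bdef"),
    log_line("/cgi-bin/filemanager/utilRequest.cgi?func=cancel_trash_recovery&pid=4321"),
    log_line("/cgi-bin/authLogin.cgi?user=admin"),
]
if __name__ == "__main__":
    print(*map(classify, SAMPLE_LOG), sep="\n")
```

Values are percent-decoded before matching, so an encoded metacharacter such as `%3B` is still caught; a numeric `pid` and a login request without `reboot_notice_msg` produce no hit.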
CVSS provenance
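| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vulncheck | - | 9.8 | CRITICAL | - |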
GHSA
GHSA-pv6p-xwp7-mhqm: QNAP QTS before 4
ghsa_unreviewed · 2022-05-13
CVE-2017-6361 [CRITICAL] CWE-78
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
VulnCheck
QNAP QTS Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
vulncheck · 2017 · CVSS 9.8 · CVE-2017-6361 [CRITICAL]
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
Affected: QNAP QTS
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://api.vulncheck.com/v3/index/sans-dshield?cve=CVE-2017-6361; https://www.trendmicro.com/en_us/research/18/g/vpnfilter-affected-devices-still-riddled-with-19-vulnerabilities.html; https://www.researchgate.net/publication/348602660_An_analysis_of_the_use_of_CVEs_by_IoT_malware
No detection rules found.
Trendmicro
blogs_trendmicro · 2018-07-13 · IoT
## VPNFilter-affected Devices Still Riddled with 19 Bugs
This blog tackles the VPNFilter malware and if deployed devices are vulnerable to it. Based on our data, plenty of the devices are still using old firmware versions. In fact, 19 known vulnerabilities can still be detected in devices up to this day.
By: Tony Yang, Peter Lee · Jul 13, 2018
Our IoT scanning tool allows users to identify if connected devices (e.g. routers, network attached storage devices, IP cameras, and printers) in a given network are vulnerable to security risks and vulnerabilities, such as those related to Mirai, Reaper, and WannaCry.
We gather our data from the Trend Micro™ Home Network Security solution and HouseCall™ for Home Networks scanner. HouseCall for Home Networks
Trendmicro
blogs_trendmicro · 2018-05-29 · IoT
# Identifying Top Vulnerabilities in Networks
Our findings homed in on known vulnerabilities, IoT botnets with top vulnerability detections, and devices that are affected. Our scanning covered different OSs, including Linux, Mac, Windows, Android, iOS, and other SDK platforms.
By: Tony Yang, Adam Huang, Louis Tsai · 2018/05/29
We have noted time and again how compromising networks and connected devices is rooted in finding weak points in the system. Often, these are in the form of vulnerabilities. Worse, vulnerabilities that aren’t even new. In the context of the internet of things (IoT) and noteworthy security incidents related to it, these vulnerabilities have afforded attackers means to use unsecure devices to facilitate malicious activities suc
References:
- http://www.securityfocus.com/bid/97059
- http://www.securityfocus.com/bid/97072
- http://www.securitytracker.com/id/1038091
- https://www.exploit-db.com/exploits/41842/
- https://www.qnap.com/en/support/con_show.php?cid=113