CVE-2024-27130
Published 2024-05-21
CVE-2024-27130: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability…
Priority: P188 · high · 8.8 (CVSS 3.1)
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV · Initial access
Exploited in the wild
EPSS: 38.05% (98.4th percentile)
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following version:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | qts | — | — |
| qnap | quts_hero | — | — |
| qnap_systems_inc | qts | >= 5.1.x < 5.1.7.2770 build 20240520 | 5.1.7.2770 build 20240520 |
| qnap_systems_inc | quts_hero | >= h5.1.x < h5.1.7.2770 build 20240520 | h5.1.7.2770 build 20240520 |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck · 7.2 HIGH
GHSA
GHSA-c3mm-2w2h-vx43: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
ghsa_unreviewed·2024-05-21
CVE-2024-27130 [HIGH] CWE-120 GHSA-c3mm-2w2h-vx43: A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions
VulnCheck
QNAP Operating System Authenticated Network Buffer Overflow
vulncheck·2024·CVSS 7.2
CVE-2024-27130 [HIGH] QNAP Operating System Authenticated Network Buffer Overflow
Affected: QNAP QTS, QuTS hero
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-05-27&host_type=src&vulnerability=cve-2024-27130; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-08-07&host_type=src&vulnerability=cve-2024-27130
Exploit PoC: https://vulncheck.com/xdb/b140a4e5c640
Suricata
ET EXPLOIT Cisco Security Manager Path Traversal - cwhp (CVE-2020-27130)
suricata·2022-02-04·CVSS 9.1
CVE-2020-27130 [CRITICAL] ET EXPLOIT Cisco Security Manager Path Traversal - cwhp (CVE-2020-27130)
Note: this rule matches CVE-2020-27130 (Cisco Security Manager path traversal), a different CVE from CVE-2024-27130; it does not detect the QNAP buffer overflow.
Rule: alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Cisco Security Manager Path Traversal - cwhp (CVE-2020-27130)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cwhp/XmpFileDownloadServlet?parameterName=downloadDoc&downloadDirectory="; fast_pattern; content:"|2e 2e 2f|"; reference:cve,2020-27130; classtype:attempted-admin; sid:2035106; rev:3; metadata:created_at 2022_02_04, cve CVE_2020_27130, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_11_26, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_
No public exploits indexed.
Bleepingcomputer
QNAP QTS zero-day in Share feature gets public RCE exploit
blogs_bleepingcomputer·2024-05-20·CVSS 5.0
CVE-2024-27130 [MEDIUM] QNAP QTS zero-day in Share feature gets public RCE exploit
## QNAP QTS zero-day in Share feature gets public RCE exploit
## Bill Toulas
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
Among them is CVE-2024-27130, an unpatched stack buffer overflow vulnerability in the 'No_Support_ACL' function of 'share.cgi,' which could enable an attacker to perform remote code execution when specific prerequisites are met.
The vendor responded to the vulnerability reports submitted between December 12, 2023, and January 23, 2024, with multiple delays and has fixed only four of the fifteen flaws.
The vulnerabilities were discovered by WatchTowr Labs, who published the complete details of their findings and a proof of conce
Greynoiseio
NoiseLetter May 2024
blogs_greynoiseio