Main Vulnerability Database SB2021040202

SB2021040202 - Security restrictions bypass in QNAP QTS

Published: April 2, 2021

Security Bulletin ID SB2021040202

Severity

Critical

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper access control (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within DLNA server. A remote non-authenticated attacker can connect to the DLNA server on port 8200/tcp and use a specially crafted request to create arbitrary files on the system. The vulnerability can lead to remote code execution.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://securingsam.com/new-vulnerabilities-allow-complete-takeover/