← back
CVE-2017-13067

CVE-2017-13067

EPSS 16.7%
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 16.7%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
06 Aug 2017Metasploit module available
14 Sep 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.