CVE-2017-13067
CVE-2017-13067
Vexday Risk Score
23Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 16.7%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
06 Aug 2017Metasploit module available
14 Sep 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
Affected products
QNAP · QTS Media Libary PRODUCTReferences
https://www.qnap.com/zh-hk/releasenotes/