CVE-2017-13067
CVE-2017-13067
Vexday Risk Score
23Bajo
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 16.7%KEV nãoPoC —Nuclei —Metasploit simPatch —
Ciclo de vida
06 ago 2017Exploit Metasploit disponible
14 sep 2017Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
Productos afectados
QNAP · QTS Media Libary PRODUCTReferencias
https://www.qnap.com/zh-hk/releasenotes/