-
QNAP QTS and QuTS Hero Unauthenticated Remote Code Execution in quick.cgi
Disclosure Date: 2024-02-13First seen: 2024-02-22exploit/linux/http/qnap_qts_rce_cve_2023_47218Authors: - sfewer-r7 - Spencer McIntyre - jheysel-r7 -
QNAP Transcode Server Command Execution
Disclosure Date: 2017-08-06First seen: 2020-04-26exploit/linux/misc/qnap_transcode_serverThis module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the 'rmfile' command. This module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.0262 (20170727). Authors: - Zenofex - 0x00string - bcoles <bcoles@gmail.com>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details