Full Disclosure

0-day: QNAP NAS Devices suffer of heap overflow

January 4, 2017 007admin Leave a comment

Posted by bashis on Jan 03

Greetings,

Twice I tried to use the QNAP Web page (https://aid.qnap.com/event/_module/nas/safe_report/) for reporting
vulnerability, and twice I got mailer-daemon back.

So, I’ll post my vulnerabilities here instead (Was not meant to be 0-day… whatever).

Have a nice day (and happy new year)
/bashis

==================
1) [Heap overflow]
==================

Path: /home/httpd/cgi-bin/cgi.cgi
u = valid user [guest|admin]

1.1)

/* Remote */…

Leave a Reply Cancel reply

You must be logged in to post a comment.

Software and Security Information