module
QNAP Transcode Server Command Execution
| Disclosed | Created |
|---|---|
| 08/06/2017 | 05/30/2018 |
Disclosed
08/06/2017
Created
05/30/2018
Description
This module exploits an unauthenticated remote command injection
vulnerability in QNAP NAS devices. The transcoding server listens
on port 9251 by default and is vulnerable to command injection
using the 'rmfile' command.
This module was tested successfully on a QNAP TS-431 with
firmware version 4.3.3.0262 (20170727).
vulnerability in QNAP NAS devices. The transcoding server listens
on port 9251 by default and is vulnerable to command injection
using the 'rmfile' command.
This module was tested successfully on a QNAP TS-431 with
firmware version 4.3.3.0262 (20170727).
Authors
Zenofex0x00stringbcoles
Platform
Linux
Architectures
armle
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use exploit/linux/misc/qnap_transcode_server
msf /(r) > show actions
...actions...
msf /(r) > set ACTION < action-name >
msf /(r) > show options
...show and set options...
msf /(r) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.