关联漏洞
标题:
QNAP Systems Photo Station 访问控制错误漏洞
(CVE-2019-7192)
描述:QNAP Systems Photo Station是中国威联通(QNAP Systems)公司的一款照片管理和查看应用程序。 QNAP Systems Photo Station中存在访问控制错误漏洞。远程攻击者可利用该漏洞对系统进行未经授权的访问。以下产品及版本受到影响:QNAP Systems Photo Station 6.0.3之前版本(QTS 4.4.1版本),5.7.10之前版本(QTS 4.3.4版本至4.4.0版本),5.4.9之前版本(QTS 4.3.0版本至4.3.3版本),5.2.
描述
Checker for QNAP pre-auth root RCE (CVE-2019-7192 ~ CVE-2019-7195)
介绍
# QNAP Pre-Auth Root RCE (CVE-2019-7192 ~ CVE-2019-7195) Checker
Usage:
```
pip install requests
./Checker_for_QNAP_RCE_cve20197192_95.py /path/to/ip-port.txt
```
Example file input:
```
1.2.3.4 8080
2.3.4.5 443
```
This tool takes a list of QNAP NASes' IPs and ports, and it tells if each
device is vulnerable to the following vulnerabilities:
- CVE-2019–7192 (CVSS 9.8)
- CVE-2019–7193 (CVSS 9.8)
- CVE-2019–7194 (CVSS 9.8)
- CVE-2019–7195 (CVSS 9.8)
# Vulnerability
The vulnerabilities can be chained as a pre-auth root RCE, visit the following
links for more details:
- [Write-Up](https://medium.com/@cycraft_corp/fc8af285622e)
- [QNAP's Security Advisory](https://www.qnap.com/zh-tw/security-advisory/nas-201911-25)
# Credit
The vulnerabilities were discovered by Henry Huang from CyCarrier CSIRT, and
he is also the author of this tool.
文件快照
[4.0K] /data/pocs/a691f7fef184d1839a7458a291fa38b1ca2fd535
├── [4.2K] Checker_for_QNAP_RCE_cve20197192_95.py
├── [ 11K] LICENSE
├── [ 862] README.md
└── [ 9] requirements.txt
0 directories, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。