Vulnerability Details CVE-2017-13067
QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.511
EPSS Ranking 97.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2017-13067
-
cpe:2.3:o:qnap:qts:4.2.0
-
cpe:2.3:o:qnap:qts:4.2.1
-
cpe:2.3:o:qnap:qts:4.2.2
-
cpe:2.3:o:qnap:qts:4.2.3
-
cpe:2.3:o:qnap:qts:4.2.4
-
cpe:2.3:o:qnap:qts:4.2.6
-
cpe:2.3:o:qnap:qts:4.3.1.0013
-
cpe:2.3:o:qnap:qts:4.3.1.0023
-
cpe:2.3:o:qnap:qts:4.3.2.0050
-
cpe:2.3:o:qnap:qts:4.3.2.0060
-
cpe:2.3:o:qnap:qts:4.3.2.0144
-
cpe:2.3:o:qnap:qts:4.3.3
-
cpe:2.3:o:qnap:qts:4.3.3.0095
-
cpe:2.3:o:qnap:qts:4.3.3.0096
-
cpe:2.3:o:qnap:qts:4.3.3.0136
-
cpe:2.3:o:qnap:qts:4.3.3.0154
-
cpe:2.3:o:qnap:qts:4.3.3.0174
-
cpe:2.3:o:qnap:qts:4.3.3.0188
-
cpe:2.3:o:qnap:qts:4.3.3.0210
-
cpe:2.3:o:qnap:qts:4.3.3.0229
-
cpe:2.3:o:qnap:qts:4.3.3.0238
-
cpe:2.3:o:qnap:qts:4.3.3.0262
-
cpe:2.3:o:qnap:qts:4.3.3.0299