Update GobyVuls-Document.md

Goby 2023-04-04 18:51:55 +08:00 committed by GitHub
parent cc55b06d94
commit dc4173acac
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -1,7 +1,20 @@
# Goby History Update Vulnerability Total Document (Continuously Update) # Goby History Update Vulnerability Total Document (Continuously Update)
The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing. The following content is an updated vulnerability from Goby. Some of the vulnerabilities are recorded on the screen for easy viewing.
**Updated document date: April 01, 2023** **Updated document date: April 04, 2023**
## QNAP-NAS authLogin.cgi app_token RCE Vulnerability (CVE-2022-27596)
| **Vulnerability** | **QNAP-NAS authLogin.cgi app_token RCE Vulnerability (CVE-2022-27596)** |
| :----: | :-----|
| **Chinese name** | QNAP-NAS authLogin.cgi 文件 app_token 参数代码执行漏洞CVE-2022-27596 |
| **CVSS core** | 9.0 |
| **FOFA Query** (click to view the results directly)| [(((header="http server" \&\& body="redirect_suffix") \|\| body="/css/qnap-default.css" \|\| body="/redirect.html?count=\\\"+Math.random()" \|\| body="/indexnas.cgi?counter=") && body!="Server: couchdb") \|\| (body="qnap_hyperlink" && body="QNAP Systems, Inc.\</a \> All Rights Reserved.")](https://fofa.info/result?qbase64=KCgoaGVhZGVyPSJodHRwIHNlcnZlciIgJiYgYm9keT0icmVkaXJlY3Rfc3VmZml4IikgfHwgYm9keT0iL2Nzcy9xbmFwLWRlZmF1bHQuY3NzIiB8fCBib2R5PSIvcmVkaXJlY3QuaHRtbD9jb3VudD1cXFwiK01hdGgucmFuZG9tKCkiIHx8IGJvZHk9Ii9pbmRleG5hcy5jZ2k%2FY291bnRlcj0iKSAmJiBib2R5IT0iU2VydmVyOiBjb3VjaGRiIikgfHwgKGJvZHk9InFuYXBfaHlwZXJsaW5rIiAmJiBib2R5PSJRTkFQIFN5c3RlbXMsIEluYy48L2EgPiBBbGwgUmlnaHRzIFJlc2VydmVkLiIp) |
| **Number of assets affected** | 2262781 |
| **Description** | QNAP Systems QTS is an operating system used by China's QNAP Systems for entry-level to mid-level QNAP NAS. There is a security vulnerability in QNAP Systems QTS. The vulnerability stems from the fact that devices running QuTS hero and QTS allow remote attackers to inject malicious code into the app_token parameter field to obtain server permissions. |
| **Impact** | There is a security vulnerability in QNAP Systems QTS. The vulnerability stems from the fact that devices running QuTS hero and QTS allow remote attackers to inject malicious code into the app_token parameter field to obtain server permissions. |
![](https://s3.bmp.ovh/imgs/2023/04/04/5bfa9b242ae05f6c.gif)
## Zyxel Authentication Bypass Vulnerability (CVE-2022-0342) ## Zyxel Authentication Bypass Vulnerability (CVE-2022-0342)
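
Review bot: In the added QNAP table, the **Impact** row repeats the **Description** row word for word, so it gives the reader nothing beyond what the Description already says. Impact should state the consequence on its own (what "obtain server permissions" means for the device and the data on it), and the product background sentence can stay in Description only. The row label "**CVSS core**" looks like a typo for "CVSS score". The FOFA query text escapes the first `&&` as `\&\&` but leaves the later ones as `&&`; pick one form so the rendered query reads consistently. The entry also names no affected QTS or QuTS hero versions and links no vendor advisory or fixed release, which is what a defender checking their own NAS needs from this row set, so consider adding a "Affected versions" and "Fix" row. Lastly, the demo GIF is embedded with empty alt text from a third-party image host (`s3.bmp.ovh`); an alt text and a copy stored in the repository would keep the document usable if that host goes away.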