GobyVuls/CVE-2022-27596.md
Goby 3c7248acea
Create CVE-2022-27596.md
add CVE-2022-27596
2023-04-04 18:52:32 +08:00


QNAP-NAS authLogin.cgi app_token RCE Vulnerability (CVE-2022-27596)

- Vulnerability: QNAP-NAS authLogin.cgi app_token RCE Vulnerability (CVE-2022-27596)
- Chinese name: QNAP-NAS authLogin.cgi 文件 app_token 参数代码执行漏洞CVE-2022-27596
- CVSS score: 9.0
- FOFA Query: `(((header="http server" && body="redirect_suffix") || body="/css/qnap-default.css" || body="/redirect.html?count=\"+Math.random()" || body="/indexnas.cgi?counter=") && body!="Server: couchdb") || (body="qnap_hyperlink" && body="QNAP Systems, Inc.</a > All Rights Reserved.")`
- Number of assets affected: 2262781
- Description: QNAP Systems QTS is an operating system used by China's QNAP Systems for entry-level to mid-level QNAP NAS. There is a security vulnerability in QNAP Systems QTS. The vulnerability stems from the fact that devices running QuTS hero and QTS allow remote attackers to inject malicious code into the app_token parameter field to obtain server permissions.
- Impact: There is a security vulnerability in QNAP Systems QTS. The vulnerability stems from the fact that devices running QuTS hero and QTS allow remote attackers to inject malicious code into the app_token parameter field to obtain server permissions.
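
For defenders, a log check for the injection point described above, as an added example that is not part of the original entry or of Goby. It assumes access logs in common/combined format, that `app_token` appears in the query string, and that legitimate tokens use only the alphabet in `TOKEN_OK`; the function name, the `/cgi-bin/` path and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate app_token is a short opaque token drawn from this
# alphabet. Adjust it to what your own devices actually issue.
TOKEN_OK = re.compile(r"[A-Za-z0-9_-]{1,128}")

# Common/combined log format: client ... [time] "METHOD target PROTO" status
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_app_tokens(lines):
    """Return (client, status, decoded app_token) for requests to
    authLogin.cgi whose app_token falls outside the expected alphabet."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        url = urlsplit(m.group("target"))
        # Match on the script name only; the directory may differ per setup.
        if url.path.rsplit("/", 1)[-1].lower() != "authlogin.cgi":
            continue
        # parse_qs percent-decodes, so encoded metacharacters are seen as-is.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("app_token", []):
            if not TOKEN_OK.fullmatch(value):
                hits.append((m.group("client"), int(m.group("status")), value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '192.0.2.10 - - [04/Apr/2023:10:00:01 +0800] '
    '"GET /cgi-bin/authLogin.cgi?app_token=Zk3x9QpL HTTP/1.1" 200 512',
    '198.51.100.7 - - [04/Apr/2023:10:02:13 +0800] '
    '"GET /cgi-bin/authLogin.cgi?app_token=AAAA%27%3B HTTP/1.1" 200 311',
    '203.0.113.5 - - [04/Apr/2023:10:03:40 +0800] '
    '"GET /index.html?app_token=AAAA%27%3B HTTP/1.1" 404 0',
    # POST bodies are not in access logs, so this request cannot be judged here.
    '203.0.113.5 - - [04/Apr/2023:10:04:02 +0800] '
    '"POST /cgi-bin/authLogin.cgi HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for client, status, token in suspicious_app_tokens(SAMPLE):
        print(f"{client} status={status} app_token={token!r}")
```

Requests that carry `app_token` in a POST body need a reverse proxy or WAF log that records bodies; the same alphabet check applies there.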