QNAP QTS quick.cgi command execution

Added: 03/08/2024

Background

QNAP is an operating system for Network Attached Storage (NAS) devices.

QTS (QNAP Turbo NAS System) is the Turbo NAS Operating System for entry and mid-level QNAP NAS.

Problem

A vulnerability in the quick.cgi component of uninitialized QNAP NAS devices allows remote attackers to execute arbitrary commands.

Resolution

Update to QTS 4.2.6 build 20240131, 4.3.3.2644 build 20240131, 4.3.4.2675 build 20240131, 4.3.6.2665 build 20240131, 4.5.4.2012 build 20220419, 5.0.0.1986 build 20220324, 5.0.1.2145 build 20220903, 5.1.0.2444 build 20230629, or later.
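The fixed-release list above can be used as an inventory check. This is an added example, not code from QNAP or from this advisory; the function name `qts_status`, its three status labels, comparing builds by date within a branch, and treating any branch newer than 5.1.0 as "or later" are assumptions.

```python
import re

# Fixed releases copied from the Resolution section: branch -> fixed build date.
FIXED = {
    (4, 2, 6): 20240131,
    (4, 3, 3): 20240131,   # 4.3.3.2644
    (4, 3, 4): 20240131,   # 4.3.4.2675
    (4, 3, 6): 20240131,   # 4.3.6.2665
    (4, 5, 4): 20220419,   # 4.5.4.2012
    (5, 0, 0): 20220324,   # 5.0.0.1986
    (5, 0, 1): 20220903,   # 5.0.1.2145
    (5, 1, 0): 20230629,   # 5.1.0.2444
}

# Accepts the two forms used in the Resolution text:
# "5.1.0.2444 build 20230629" and "4.2.6 build 20240131".
_VERSION = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)(?:\.\d+)?\s+build\s+(\d{8})\s*$", re.IGNORECASE
)

def qts_status(version: str) -> str:
    """Classify a QTS version string as 'patched', 'update' or 'unknown'."""
    m = _VERSION.match(version)
    if not m:
        return "unknown"              # unparseable input is never reported as safe
    branch = tuple(int(x) for x in m.group(1, 2, 3))
    build_date = int(m.group(4))
    if branch in FIXED:
        # Assumption: builds within one branch are ordered by build date.
        return "patched" if build_date >= FIXED[branch] else "update"
    if branch > max(FIXED):
        # Assumption: a branch newer than the newest listed one counts as "or later".
        return "patched"
    # Branch is not listed and is not newer than every listed branch:
    # the advisory text does not say, so do not guess.
    return "unknown"

if __name__ == "__main__":
    # Constructed sample inventory, not real device data.
    for v in ("5.1.0.2444 build 20230629", "5.0.1.2137 build 20220826",
              "4.2.6 build 20231010", "4.4.1.1000 build 20190101"):
        print(f"{v:32} {qts_status(v)}")
```

A result of `unknown` means the version has to be checked against the vendor advisory by hand.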

References

https://www.qnap.com/en/security-advisory/qsa-23-57

Platforms

QNAP QTS
