3W1nd4r / CVE-2024-32766-RCE

writeup and PoC for CVE-2024-32766 (QNAP) OS command injection and auth bypass


CVE-2024-32766-RCE


CVE-2024-32766 is an OS command injection vulnerability which affects QNAP products.

Details:

CVE-2024-32766 is an OS command injection which can be triggered by sending a specially crafted [redacted] request to the [redacted] endpoint. To reach the command injection point we need to bypass some auth checks, so here we chain it with an authentication bypass flaw to execute our code completely unauthenticated. There are around 200k exposed QNAP products, most of which have not been patched yet as per my observation.

About:

The exploit is developed in Python for batch testing; it takes a file (IP list) and a command as arguments, and is chained together with the auth bypass to execute code without authentication. There is also writeup.pdf, in which you can find my research about this vulnerability (and two other vulnerabilities which are not to be mentioned here).
