The advisories from ZDI-24-470 to ZDI-24-475 detail a series of vulnerabilities affecting QNAP TS-464 NAS devices, ranging from CRLF injection and SQL injection to improper certificate validation and file upload directory traversal. These vulnerabilities could allow remote attackers to make arbitrary configuration changes, execute code, escalate privileges, and create or delete files on affected devices. QNAP has issued updates to correct these vulnerabilities, highlighting the importance of applying security patches promptly to protect against potential exploits.
- ZDI-24-470:
  - Vulnerability: QNAP TS-464 QR Code Device CRLF Injection Arbitrary Configuration Change Vulnerability.
  - Description: Remote attackers can make arbitrary changes to configuration on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The flaw exists within the privWizard API endpoints, resulting from improper validation of user-supplied strings before using them to update configuration. An attacker can leverage this to change the system configuration.
- ZDI-24-471:
  - Vulnerability: QNAP TS-464 authLogin SQL Injection Remote Code Execution Vulnerability.
  - Description: Remote attackers can execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Although authentication is required, the existing mechanism can be bypassed. The flaw exists within the authLogin endpoint due to improper validation of user-supplied strings before constructing SQL queries. An attacker can execute code in the context of root.
- ZDI-24-472:
  - Vulnerability: QNAP TS-464 Netmgr Endpoint CRLF Injection Arbitrary Configuration Update Vulnerability.
  - Description: Remote attackers can inject arbitrary configuration updates on affected installations of QNAP TS-464 NAS devices. The flaw exists within the privWizard.cgi endpoint. An attacker can leverage this to execute arbitrary code in the context of root.
- ZDI-24-473:
  - Vulnerability: QNAP TS-464 Authentication Service Improper Certificate Validation Vulnerability.
  - Description: Network-adjacent attackers can compromise the integrity of downloaded information on affected installations of QNAP TS-464 NAS devices. Authentication is not required. The flaw exists within the authentication functionality operating over HTTPS due to improper validation of the server certificate. An attacker can execute arbitrary code in the context of root.
- ZDI-24-474:
  - Vulnerability: QNAP TS-464 Exposed Dangerous Method Privilege Escalation Vulnerability.
  - Description: Remote attackers can escalate privileges on affected installations of QNAP TS-464 NAS devices. Authentication is not required. The flaw exists within the privWizard.cgi endpoint due to an exposed dangerous method. An attacker can execute arbitrary code in the context of root.
- ZDI-24-475:
  - Vulnerability: QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability.
  - Description: Remote attackers can create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required. The flaw exists within the processing of file uploads due to improper validation of user-supplied paths. An attacker can create or delete file content in the context of admin.
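The CRLF injection class named in ZDI-24-470 and ZDI-24-472, shown as an added example that is not QNAP code and does not come from the advisories: a generic key=value configuration writer, with the unvalidated form beside a hardened one. The file format, function names and sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample config; not taken from any QNAP device.
SAMPLE = "[System]\nssh_enabled = FALSE\nhostname = nas01\n"

KEY_RE = re.compile(r"[A-Za-z0-9_]{1,64}")
# CR, LF and every other character that str.splitlines() treats as a break.
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f-\x9f\u2028\u2029]")


def set_value_unsafe(config: str, key: str, value: str) -> str:
    """Vulnerable pattern: the value is written into the file verbatim."""
    lines = config.splitlines()
    for i, line in enumerate(lines):
        if line.split("=", 1)[0].strip() == key:
            lines[i] = f"{key} = {value}"
    return "\n".join(lines) + "\n"


def set_value_safe(config: str, key: str, value: str) -> str:
    """Hardened form: validate key and value before touching the file."""
    if not KEY_RE.fullmatch(key):
        raise ValueError("invalid key")
    if CONTROL_RE.search(value) or len(value) > 255:
        raise ValueError("invalid value")
    return set_value_unsafe(config, key, value)


def parse(config: str) -> dict:
    """Minimal reader: last assignment of a key wins, as in many parsers."""
    out = {}
    for line in config.splitlines():
        if "=" in line and not line.startswith("["):
            k, v = line.split("=", 1)
            out[k.strip()] = v.strip()
    return out


if __name__ == "__main__":
    hostile = "nas01\r\nssh_enabled = TRUE"  # constructed input
    print(parse(set_value_unsafe(SAMPLE, "hostname", hostile)))
    try:
        set_value_safe(SAMPLE, "hostname", hostile)
    except ValueError as exc:
        print("rejected:", exc)
```

The unvalidated writer lets a request that should only rename the host also add a second `ssh_enabled` line, which the reader then honours; the hardened writer rejects the value before anything is written.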
Conclusion: This series of advisories underscores the critical nature of maintaining up-to-date security measures on network-attached storage devices. Users and administrators are urged to apply the provided updates from QNAP to mitigate these vulnerabilities and safeguard their systems from potential attacks.