Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
qBittorrent Web UI Default Credentials Lead to RCE
Vulnerability Description
All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
CWE-1392
Vulnerability Title
qBittorrent 信任管理问题漏洞
Vulnerability Description
qBittorrent是一款跨平台的轻量级BitTorrent客户端。 qBittorrent 4.5.5及之前版本存在安全漏洞,该漏洞源于使用默认凭据,远程攻击者可以使用默认凭据执行任意操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A