CVE-2024-27130 PoC — QNAP Systems QTS和QuTS hero 安全漏洞

Source

Associated Vulnerability

Description

This Python script is designed as a proof-of-concept (PoC) for the CVE-2024-27130 vulnerability in QNAP QTS

Readme

<div align="center">

[![Profile Visitors](https://komarev.com/ghpvc/?username=d0rb&label=Visitors&color=0e75b6&style=flat)](https://komarev.com/ghpvc/?username=d0rb)

 #  🇮🇱  **#BringThemHome #NeverAgainIsNow**   🇮🇱

**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**


# QNAP QTS CVE-2024-27130 PoC :lock:

This repository contains a proof-of-concept (PoC) script for exploiting CVE-2024-27130, a vulnerability affecting QNAP QTS. This vulnerability allows an attacker to execute arbitrary commands with root privileges. :warning:

## Description :mag_right:

The script exploits a vulnerability in QNAP QTS, enabling an attacker to execute arbitrary commands as root. It sends a specially crafted payload to the target QNAP device, triggering the vulnerability and granting the attacker root access. :computer:

For more information, refer to the [blog post](https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/) by Watchtowr Labs. :bookmark:

## Usage :hammer_and_wrench:

To use the script, provide the IP address or domain name of the target QNAP device as well as the SSID (Share ID). The script will attempt to exploit the vulnerability and create a new user with root privileges. :rocket:

```bash
python3 checker.py <host> <ssid>

File Snapshot

 [4.0K]  /data/pocs/1146a2aa43b53b2520e00dbaafec51ac0534e395
├── [1.2K]  Checker.py
├── [3.9K]  PoC.py
└── [1.5K]  README.md

0 directories, 3 files

Remarks