CVE-2019-7192 PoC — QNAP Systems Photo Station 访问控制错误漏洞

Source

https://github.com/cycraft-corp/cve-2019-7192-check

Associated Vulnerability

Title:QNAP Systems Photo Station 访问控制错误漏洞 (CVE-2019-7192)
Description:QNAP Systems Photo Station是中国威联通（QNAP Systems）公司的一款照片管理和查看应用程序。 QNAP Systems Photo Station中存在访问控制错误漏洞。远程攻击者可利用该漏洞对系统进行未经授权的访问。以下产品及版本受到影响：QNAP Systems Photo Station 6.0.3之前版本（QTS 4.4.1版本），5.7.10之前版本（QTS 4.3.4版本至4.4.0版本），5.4.9之前版本（QTS 4.3.0版本至4.3.3版本），5.2.

Description

Checker for QNAP pre-auth root RCE (CVE-2019-7192 ~ CVE-2019-7195)

Readme

# QNAP Pre-Auth Root RCE (CVE-2019-7192 ~ CVE-2019-7195) Checker

Usage:

```
pip install requests
./Checker_for_QNAP_RCE_cve20197192_95.py /path/to/ip-port.txt
```

Example file input:

```
1.2.3.4 8080
2.3.4.5 443
```

This tool takes a list of QNAP NASes' IPs and ports, and it tells if each
device is vulnerable to the following vulnerabilities:

- CVE-2019–7192 (CVSS 9.8)
- CVE-2019–7193 (CVSS 9.8)
- CVE-2019–7194 (CVSS 9.8)
- CVE-2019–7195 (CVSS 9.8)

# Vulnerability

The vulnerabilities can be chained as a pre-auth root RCE, visit the following
links for more details:

- [Write-Up](https://medium.com/@cycraft_corp/fc8af285622e)
- [QNAP's Security Advisory](https://www.qnap.com/zh-tw/security-advisory/nas-201911-25)

# Credit

The vulnerabilities were discovered by Henry Huang from CyCarrier CSIRT, and
he is also the author of this tool.

File Snapshot


 [4.0K]  /data/pocs/a691f7fef184d1839a7458a291fa38b1ca2fd535
├── [4.2K]  Checker_for_QNAP_RCE_cve20197192_95.py
├── [ 11K]  LICENSE
├── [ 862]  README.md
└── [   9]  requirements.txt

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!