Back to directory

WRITEUP #2413

QNAP Poisoned XML Command Injection (Silently Patched)

RCEOS command injection

by@Junior_Baines(Jake Baines)

Program

QNAP

Published

Aug 4, 2022

Added to HackDex

Sep 15, 2022

Read Full Writeuphttps://www.rapid7.com/blog/post/2022/08/04/qnap-poisoned-xml-command-injection-silently-patched/

▸ RELATED WRITEUPS

Vulnerabilities in Open Source C2 Frameworks

RCEOS command injection

SSD Advisory – SonicWall SMA100 Stored XSS To RCE

RCEOS command injection

[2,500$ Bug Bounty Write-Up] Remote Code Execution (RCE) via unclaimed Node package

RCEDependency confusion

Attacking PowerShell CLIXML Deserialization

DeserializationInsecure deserialization

Zero-Click Calendar invite — Critical zero-click vulnerability chain in macOS

RCEArbitrary file write

Built with ❤️ by Shubham Rawat