CVE-2019-7195

Related Files

QNAP QTS and Photo Station Local File Inclusion

Posted Aug 31, 2024

Authored by Henry Huang, Redouane Niboucha | Site metasploit.com

This Metasploit module exploits a local file inclusion in QNAP QTS and Photo Station that allows an unauthenticated attacker to download files from the QNAP filesystem. Because the HTTP server runs as root, it is possible to access sensitive files, such as SSH private keys and password hashes. This Metasploit module has been tested on QTS 4.3.3 (unknown Photo Station version) and QTS 4.3.6 with Photo Station 5.7.9.

tags | exploit, web, local, root, file inclusion

advisories | CVE-2019-7192, CVE-2019-7194, CVE-2019-7195

SHA-256 | 70107b0adbe195b76131c10cdea4a24c8ea076a3a1b93c6596908a86f7bcd91a

Download | Favorite | View

QNAP QTS And Photo Station 6.0.3 Remote Command Execution

Posted May 28, 2020

Authored by Yunus YILDIRIM

QNAP QTS and Photo Station version 6.0.3 suffers from a remote command execution vulnerability.

tags | exploit, remote

advisories | CVE-2019-7192, CVE-2019-7193, CVE-2019-7194, CVE-2019-7195

SHA-256 | 604298053dafd0abe28f387617874da35d43eb2b5d986c0ce5674a7007367477

Download | Favorite | View