According to a recently released report, QNAP network-attached storage (NAS) devices are exposed to a heap overflow vulnerability and a non-critical stack crash. These vulnerabilities are deemed critical by the information security community globally and are said to have a noticeable impact on users of QNAP NAS devices.

An information security researcher named Bashis posted details of critical vulnerabilities found in the widely used QNAP NAS devices. According to the details provided, the heap overflow vulnerability was found in “cgi.cgi” and the less critical stack crash vulnerability was found in “jc.cgi” and “mediaGet.cgi”.

Reference for the Heap Overflow Vulnerability

Path: /home/httpd/cgi-bin/cgi.cgi
u = valid user [guest|admin]

/* Remote */
[Remote host]# echo -en "GET /cgi-bin/cgi.cgi?u=admin&p=`for((i=0;i<263;i++));do echo -en "A";done` HTTP/1.0\nHost: QNAP\n\n" | ncat --ssl 443
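For defenders, the request above leaves a recognisable trace in web server logs: an unusually long `p` value sent to cgi.cgi. The following log check is an added example, not code from the researcher or from QNAP. The access-log format, the 128-byte threshold, the sample lines and the `x` parameter name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# CGI scripts named in the report above.
WATCHED = {"cgi.cgi", "jc.cgi", "mediaGet.cgi"}
# Assumed alert threshold; the published request carries 263 bytes in "p".
MAX_VALUE_LEN = 128
# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def oversized_params(log_line, limit=MAX_VALUE_LEN):
    """Return [(script, param, length)] for over-long values sent to watched CGIs."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # Match on the script name so odd prefixes such as "//cgi-bin/" still hit.
    script = url.path.rsplit("/", 1)[-1]
    if script not in WATCHED:
        return []
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        size = len(value.encode("utf-8"))  # length after percent-decoding
        if size > limit:
            hits.append((script, name, size))
    return hits

def scan(lines, limit=MAX_VALUE_LEN):
    """Map 1-based line number -> findings for every suspicious entry."""
    report = {}
    for number, line in enumerate(lines, 1):
        findings = oversized_params(line, limit)
        if findings:
            report[number] = findings
    return report

# Constructed sample log lines (documentation addresses, not real traffic).
# "x" is a placeholder parameter name; the page names no jc.cgi parameters.
PREFIX = '192.0.2.77 - - [22/Mar/2017:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + '/cgi-bin/cgi.cgi?u=admin&p=hunter2 HTTP/1.0" 200 512',
    PREFIX + '/cgi-bin/cgi.cgi?u=admin&p=' + "A" * 263 + ' HTTP/1.0" 500 0',
    PREFIX + '/index.html?q=' + "B" * 300 + ' HTTP/1.1" 200 1024',
    PREFIX + '/cgi-bin/jc.cgi?x=' + "%41" * 200 + ' HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, findings)
```

The threshold should be tuned against normal traffic for the device before alerting on it.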

The researcher initially tried to report the vulnerability to the makers of the QNAP NAS devices through their webpage submission function. However, information security researcher Bashis was unable to post the vulnerability details on the QNAP webpage and repeatedly got a mailer-daemon bounce on posting it.

What makes the assessed vulnerabilities even more dangerous for QNAP NAS device users is that they allow an attacker to gain unauthorized admin privileges. If the heap overflow vulnerabilities are successfully exploited further, they may also lead to wider network breaches if the intrusion goes unchecked. Another aspect that makes these vulnerabilities critical is that the attacker would not require credentials to carry out an exploit.

QNAP NAS devices are used to store file-level data and are usually connected to a network where multiple users have access to them. They act as a server for a heterogeneous group of clients that fetch data from them. QNAP NAS devices are used in homes and in small, medium and large businesses. Notably, the QNAP NAS devices used in large businesses have the capacity to serve over 200 users. With that in mind, the heap overflow vulnerability (as assessed and detected) in such a device could have devastating effects on users, especially at an organizational level.

Some of the QNAP NAS products that might be exposed to exploits such as the heap overflow vulnerability are the Enterprise - Enterprise ZFS NAS, Enterprise - SAS NAS, Enterprise - Enterprise NAS, SMB - Thunderbolt NAS, etc. Although the broader aspects of the vulnerabilities in QNAP NAS devices have been disclosed, the details of the specific bugs would be released to Full Disclosure on February 1, 2017. That release of the remaining technical details would also include the Bugtraq e-mail list.


Date Published
March 22, 2017