|    |    |    | Today: 20-Sep-2017 |

QNAP Transcode Server Command Execution

September 2, 2017 | Posted in ExploitAlert

This Metasploit module exploits an unauthenticated remote command injection vulnerability in QNAP NAS devices. The transcoding server listens on port 9251 by default and is vulnerable to command injection using the 'rmfile' command. This Metasploit module was tested successfully on a QNAP TS-431 with firmware version 4.3.3.0262 (20170727).


Source: QNAP Transcode Server Command Execution

Taged in: Exploit