VYPR
Critical severity9.8NVD Advisory· Published Sep 14, 2017· Updated Jun 17, 2026

CVE-2017-13067

CVE-2017-13067

Description

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.

Affected products

3
  • cpe:2.3:o:qnap:qts:*:*:*:*:*:*:*:*
    Range: >=4.2.0,<=4.2.6
  • Range: <4.2.6 build 20170905 and <4.3.3.0299 build 20170901
  • QNAP/QTS Media Libary PRODUCTv5
    Range: prior to 4.2.6 build 20170905

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.