Critical severity9.8NVD Advisory· Published Sep 14, 2017· Updated May 13, 2026

CVE-2017-13067

Description

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNAP NAS using a transcoding service on port 9251. A remote user does not require any privileges to successfully execute an attack.

Affected products

QNAP/QTS Media Libary PRODUCTv5
Range: prior to 4.2.6 build 20170905

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.qnap.com/zh-hk/releasenotes/nvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.041
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000