CVE-2020-2501 – QNAP / Surveillance Station – Out-of-bounds write

Summary:

CVE-2020-2501 is an out-of-bounds write vulnerability impacting multiple versions of QNAP Surveillance Station. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links (if available):

SSD Secure Disclosure: SSD Advisory – QNAP Pre-Auth CGI_Find_Parameter RCE

Known Counter Measures:

QNAP addressed the vulnerability by releasing updated versions, announced in a security advisory.

Links to patches (if available):

https://www.qnap.com/en/security-advisory/qsa-21-07