The QNAP Android applications Qnotes 1.1.8.0128 and Qget 188.8.131.529 suffer from unintended data leakage. A malicious process can use this vulnerability to gain access to cached data and logon credentials for the back-end NAS device.
Author Archive for: mwoods
About Mark Woods
This author has yet to write their bio.Meanwhile lets just say that we are proud Mark Woods contributed a whooping 6 entries.
Entries by Mark Woods
tl;dr Nettitude has discovered that the iArtist application is vulnerable to CWE-290 Authentication Bypass by Spoofing. This flaw can be leveraged to remove the need to supply valid credentials when uploading a presentation. Additionally, the Signage Station system suffers from CWE-768 Use of Hard-coded Credentials. This grants access to the host NAS FTP service and […]
tl;dr Nettitude researchers have discovered that QNAP Signage Station is vulnerable to CWE-434, Unrestricted Upload of File with Dangerous Type. This flaw can be leveraged by a low privileged remote user to gain interactive system access as a member of the Administrator’s group. Introduction Signage Station is a QNAP authored application that runs on a […]