Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-27130 PoC — QTS, QuTS hero

Source
https://github.com/d0rb/CVE-2024-27130
Associated Vulnerability
Title:QTS, QuTS hero (CVE-2024-27130)
Description:A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
Description
This Python script is designed as a proof-of-concept (PoC) for the CVE-2024-27130 vulnerability in QNAP QTS
Readme

<div align="center">

[![Profile Visitors](https://komarev.com/ghpvc/?username=d0rb&label=Visitors&color=0e75b6&style=flat)](https://komarev.com/ghpvc/?username=d0rb)

 #  🇮🇱  **#BringThemHome #NeverAgainIsNow**   🇮🇱

**We demand the safe return of all citizens who have been taken hostage by the terrorist group Hamas. We will not rest until every hostage is released and returns home safely. You can help bring them back home.
https://stories.bringthemhomenow.net/**


# QNAP QTS CVE-2024-27130 PoC :lock:

This repository contains a proof-of-concept (PoC) script for exploiting CVE-2024-27130, a vulnerability affecting QNAP QTS. This vulnerability allows an attacker to execute arbitrary commands with root privileges. :warning:

## Description :mag_right:

The script exploits a vulnerability in QNAP QTS, enabling an attacker to execute arbitrary commands as root. It sends a specially crafted payload to the target QNAP device, triggering the vulnerability and granting the attacker root access. :computer:

For more information, refer to the [blog post](https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/) by Watchtowr Labs. :bookmark:

## Usage :hammer_and_wrench:

To use the script, provide the IP address or domain name of the target QNAP device as well as the SSID (Share ID). The script will attempt to exploit the vulnerability and create a new user with root privileges. :rocket:

```bash
python3 checker.py <host> <ssid>
File Snapshot

 [4.0K]  /data/pocs/1146a2aa43b53b2520e00dbaafec51ac0534e395
├── [1.2K]  Checker.py
├── [3.9K]  PoC.py
└── [1.5K]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →