CVE-2020-2501 – QNAP / Surveillance Station – Out-of-bounds write

August 29, 2021

CVE-2020-2501 is an out-of-bounds write vulnerability impacting multiple versions of QNAP Surveillance Station. An exploit was observed in open source and a link to an exploit was shared in the underground.

Summary:

CVE-2020-2501 is an out-of-bounds write vulnerability impacting multiple versions of QNAP Surveillance Station. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

SSD Secure Disclosure : QNAP Pre-Auth CGI_Find_Parameter RCE –

SSD Advisory – QNAP Pre-Auth CGI_Find_Parameter RCE

Known Counter Measures:

QNAP addressed the vulnerability in a security advisory with updated versions.

Links to patches(if available)

https://www.qnap.com/en/security-advisory/qsa-21-07

You may have missed

image

CACTUS Ransomware Victim: https://www[.]xdconnects[.]com/

April 19, 2024
iStock 154974489

Cyber Assessment Framework 3.2

April 19, 2024
hkcert

Palo Alto Products Remote Code Execution Vulnerability

April 19, 2024
HIBP Banner 1

Le Slip Français – 1,495,127 breached accounts

April 19, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 19, 2024