CVE-2020-2501 – QNAP / Surveillance Station – Out-of-bounds write

Click the icon to Follow me:- twitterTelegramRedditDiscord


CVE-2020-2501 is an out-of-bounds write vulnerability impacting multiple versions of QNAP Surveillance Station. An exploit was observed in open source and a link to an exploit was shared in the underground.

PoC Links(if available):

SSD Secure Disclosure : QNAP Pre-Auth CGI_Find_Parameter RCE –

SSD Advisory – QNAP Pre-Auth CGI_Find_Parameter RCE

Known Counter Measures:

QNAP addressed the vulnerability in a security advisory with updated versions.

Links to patches(if available)

Available for Amazon Prime