Overview In 2019, multiple vulnerabilities had discovered for QNAP PhotoStation and CGI programs. These vulnerabilities can be chained into a pre-auth root Remote Code Execution. More than 450K devices using QNAP PhotoStation and CGI programs are vulnerable to attack. Vulnerability 1: Pre-Auth Local File Disclosure Vulnerable code present in following function, After execution of exportfile … Continue reading “QNAP Pre-Auth Root RCE Vulnerability(CVE-2019-7192,CVE-2019-7193,CVE-2019-7194,CVE-2019-7195)”