ZDI-26-199: (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-453E devices. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The ZDI has assigned a CVSS rating of 5.5. The following CVEs are assigned: CVE-2025-62848.

Source link

What's Hot

SSA-734261 V1.0: Authentication Bypass Vulnerability in Energy Services Using Elspec G5DFR

Incident: Eagers Automotive says IT outage stems from cyber incident | iTnews

Accelerating Our Footprint and Innovation: Why VulnCheck Posted a Record-Setting Q3 | Blog

SSA-734261 V1.0: Authentication Bypass Vulnerability in Energy Services Using Elspec G5DFR

Incident: Eagers Automotive says IT outage stems from cyber incident | iTnews

CISA Adds One Known Exploited Vulnerability to Catalog

Global Takedown of Massive IoT Botnets Halts Record-Breaking Cyberattacks

Catchy & Intriguing

The Grandparent Scam: How AI Voice Technology Makes This Old Con Deadlier Than Ever

Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

Most Popular

Global Takedown of Massive IoT Botnets Halts Record-Breaking Cyberattacks

Catchy & Intriguing

The Grandparent Scam: How AI Voice Technology Makes This Old Con Deadlier Than Ever

Our Picks

SSA-734261 V1.0: Authentication Bypass Vulnerability in Energy Services Using Elspec G5DFR

Incident: Eagers Automotive says IT outage stems from cyber incident | iTnews

Accelerating Our Footprint and Innovation: Why VulnCheck Posted a Record-Setting Q3 | Blog

Subscribe to Updates

What's Hot

ZDI-26-199: (Pwn2Own) QNAP TS-453E conn_log_tool Format String Remote Code Execution Vulnerability

Related Posts

Subscribe to Updates