QNAP QTAP Qualcomm components Multiple Unspecified Security Vulnerabilities
QNAP QTAP is prone to the following multiple security vulnerabilities:
1. Multiple unspecified command-injection vulnerabilities. [CVE-2017-6361, CVE-2017-6360, and CVE-2017-6359] These issues are further discussed in BID 97059 QNAP QTS Multiple Arbitrary Command Execution Vulnerabilities
2. Multiple unspecified stack-based vulnerabilities.
3. Multiple security-bypass vulnerabilities.
4. A directory-traversal vulnerability.
5. A click-jacking vulnerability.
6. An unspecified SQL-injection vulnerability.
7. An unspecified cross-site scripting vulnerability.
8. An unspecified heap-overflow vulnerability.
9. A security vulnerability exists due to a configuration error. [CVE-2017-5227]
An attacker can exploit these issues to run arbitrary commands, execute arbitrary code, bypass security-mechanisms, gain sensitive information, gain access to the underlying database to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Failed exploits can result in a denial-of-service condition.