## https://sploitus.com/exploit?id=CD6A3B4F-E85A-5F19-A15A-F766BC3FF7DD
# CVE-2024-27130-poc
CVE-2024-27130 is a serious vulnerability that affects QNAP Network Attached Storage (NAS) devices. This vulnerability stems from the unsafe use of the `strcpy` function in the `No_Support_ACL` function of the `share.cgi` script within the QTS operating system. It results in a stack buffer overflow. Attackers can exploit this vulnerability to execute arbitrary code on target systems through carefully crafted requests, thereby gaining full control over affected devices. The risks of this vulnerability include:
- **Remote Code Execution (RCE)**: Unauthorized attackers can execute arbitrary code remotely, leading to complete control over the system.
- **Data leakage and tampering**: Attackers may access, modify, or delete sensitive data stored on the NAS device.
- **Service interruption**: Malicious actions may cause service interruptions, affecting business continuity.
QNAP has addressed this vulnerability in QTS 5.1.7.2770 build 20240520 and later versions. It is recommended that users update their systems promptly to mitigate potential risks.