ZDI 2026-03-17

ZDI-26-216: (Pwn2Own) QNAP TS-453E smbd domain_name Argument Injection Authentication Bypass Vulnerability

CVE-2025-62847

Machine-generated analysis · WAYSCloud LLM

The vulnerability enables authentication bypass on QNAP TS-453E devices via argument injection in the smbd domain_name field, requiring no credentials.

Context

The affected product is the QNAP TS-453E, specifically involving the smbd service. The vulnerability is an argument injection that allows authentication bypass. The attacker must be network-adjacent to exploit it. Authentication is not required to trigger the vulnerability.

Operator considerations

Check: Identify QNAP TS-453E devices running the vulnerable smbd service configuration.

From Zero Day Initiative ↗

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of QNAP TS-453E devices. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 6.3. The following CVEs are assigned: CVE-2025-62847.

Read the full advisory on ZDI →