QNAP pre-auth root RCE Exploit (CVE-2019-7192 ~ CVE-2019-7195)
for now, you can read system files (/etc/shadow, ssh private key, etc.)
Usage:
pip install -r requirements.txt # or just pip install requests
python3 gundy.py https://vulnerable_url:port
The vulnerabilities can be chained as a pre-auth root RCE, visit the following links for more details: