qBittorrent RCE Vulnerability Let Attackers Inject Malicious Script
A severe security vulnerability in qBittorrent, affecting versions 3.2.1 through 5.0.0, has been discovered that allowed attackers to perform remote code execution (RCE) through multiple attack vectors.
The flaw, which has gone unnoticed since April 2010, allows attackers to inject malicious scripts and execute arbitrary code on affected systems.
The vulnerability stems from qBittorrent’s DownloadManager class, which has ignored SSL certificate validation errors for nearly 15 years.
This oversight means that the software has been accepting any certificate, whether expired, self-signed, or malicious, facilitating man-in-the-middle (MITM) attacks. Here are the key areas where this vulnerability can be exploited:
- Malicious Executable Loader: On Windows, qBittorrent prompts users to install or update Python from a hardcoded URL if the search plugin requires it. This process downloads, executes, and then deletes an executable file, which can be hijacked to run malicious software.
- Browser Hijacking: qBittorrent checks for updates by downloading an RSS feed from a hardcoded URL. If manipulated, this feed can direct users to download a malicious executable, disguised as an update.
- RSS Feed Injection: RSS feeds are parsed without proper validation, allowing attackers to inject arbitrary URLs, which, when clicked, can lead to the download or execution of malicious content.
- Decompression Library Exploits: The automatic download and decompression of MaxMind GeoIP database files can be exploited if vulnerabilities exist in the decompression libraries, such as the buffer overflow issue in zlib.
The default behavior of qBittorrent was changed to include SSL certificate verification with commit 3d9e971 on October 12, 2024, and the first patched release, version 5.0.1, was released only two days ago. However, users of older versions are still at risk. Here are some recommended mitigations:
- Upgrade to Latest Version: Users should immediately upgrade to version 5.0.1 or later, which includes the necessary security fixes.
- Alternative Torrent Clients: Consider switching to other torrent clients like Deluge or Transmission, which do not have this vulnerability.
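An inventory check for the upgrade mitigation above, as an added example that is not from the article or the qBittorrent project: it classifies reported version strings against the affected range given here (3.2.1 through 5.0.0, first fix in 5.0.1). The host names and version strings are constructed, and flagging a pre-release of 5.0.1 as "review" is an assumption, since the article does not say whether such builds carry the fix.

```python
import re

# Range as stated in the article: 3.2.1 through 5.0.0 affected, 5.0.1 first patched.
FIRST_AFFECTED = (3, 2, 1, 0)
FIRST_FIXED = (5, 0, 1, 0)

# Up to four numeric components, optional "v" prefix, optional pre-release tag.
_VERSION_RE = re.compile(r"v?(\d+(?:\.\d+){1,3})(?:[-~]?([A-Za-z][\w.]*))?")

def parse_version(text):
    """Return ((major, minor, patch, build), tag), or None if no version is found."""
    match = _VERSION_RE.search(text)
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (4 - len(parts))  # pad "5.0" to (5, 0, 0, 0)
    return tuple(parts), match.group(2) or ""

def classify(text):
    """Map one reported version string to a status for triage."""
    parsed = parse_version(text)
    if parsed is None:
        return "unknown"
    version, tag = parsed
    if version < FIRST_AFFECTED:
        return "below-range"  # older than the range the article gives
    if version < FIRST_FIXED:
        return "affected"     # includes pre-releases of affected versions
    if version == FIRST_FIXED and tag:
        return "review"       # assumption: pre-release of the first fixed version
    return "patched"

def needs_action(inventory):
    """Return {host: status} for every host that is not confirmed patched."""
    statuses = {host: classify(reported) for host, reported in inventory.items()}
    return {h: s for h, s in statuses.items() if s not in ("patched", "below-range")}

# Constructed sample inventory (host names and version strings are made up).
SAMPLE_INVENTORY = {
    "ws-01": "qBittorrent v4.6.7",
    "ws-02": "5.0.1",
    "ws-03": "5.0.0beta1",
    "ws-04": "5.0.1rc1",
    "ws-05": "4.1.9.1 (64-bit)",
    "ws-06": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(needs_action(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" are kept in the result so that an unparseable inventory entry is followed up rather than silently treated as safe.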
This vulnerability puts users at risk of various forms of attack, from malware infection to data theft, especially since qBittorrent’s extensive use makes it a prime target. The lack of certificate validation allowed attackers to perform MITM attacks without the usual complexities, making surveillance and exploitation easier.
The discovery of this critical vulnerability in qBittorrent underscores the importance of regular software updates and the need for robust security measures in widely-used applications. Users are urged to remain vigilant, update their software, and consider safer alternatives until widespread patches are deployed.