Remote Code Execution vulnerability in ALL versions of qBittorrent before 5.0.1

Transmission, qBittorrent, Aria 2 download applications
Locked
User avatar
Pe6yc
Posts: 29
Joined: 12 Jun 2023, 13:57
Russia

Remote Code Execution vulnerability in ALL versions of qBittorrent before 5.0.1

Post by Pe6yc »

All qBittorrent users are urged to update to 5.0.1, downloading it directly from https://qbittorrent.org (not by using the built-in updater!) due to a RCE bug in all other allowed versions.

Due to a bad choice back in 2010, qBittorrent does not check ANY SSL/TLS certificates. Due to this and other flaws, it opens up a risk of a Man-In-The-Middle attack that is then used as a Remote Code Execution, with either minimal or no user interaction required.

Included in the bad processes are the update check AND download, RSS feeds, favicons, automatic Python download on Windows, and the Maxmind GeoIP database update.

More details from the released information here: https://sharpsec.run/rce-vulnerability-in-qbittorrent/

Update native qBittorent to 5.0.1 version please.
User avatar
TMzethar
TM Support
Posts: 2815
Joined: 27 Oct 2020, 16:43

Re: Remote Code Execution vulnerability in ALL versions of qBittorrent before 5.0.1

Post by TMzethar »

Thank you for the reminder and we will continue to monitor and discuss plans.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Locked

Return to “Download”