HomeVulnerabilityQNAP Releases Patch for two Crucial Flaws Threatening Your NAS Gadgets

QNAP Releases Patch for two Crucial Flaws Threatening Your NAS Gadgets

QNAP has launched security updates to handle two vital security flaws impacting its working system that might end in arbitrary code execution.

Tracked as CVE-2023-23368 (CVSS rating: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud.

“If exploited, the vulnerability might enable distant attackers to execute instructions through a community,” the corporate stated in an advisory revealed over the weekend.

The shortcoming spans the beneath variations –

  • QTS 5.0.x (Mounted in QTS 5.0.1.2376 construct 20230421 and later)
  • QTS 4.5.x (Mounted in QTS 4.5.4.2374 construct 20230416 and later)
  • QuTS hero h5.0.x (Mounted in QuTS hero h5.0.1.2376 construct 20230421 and later)
  • QuTS hero h4.5.x (Mounted in QuTS hero h4.5.4.2374 construct 20230417 and later)
  • QuTScloud c5.0.x (Mounted in QuTScloud c5.0.1.2374 and later)

Additionally fastened by QNAP is one other command injection flaw in QTS, Multimedia Console, and Media Streaming add-on (CVE-2023-23369, CVSS rating: 9.0) that might enable distant attackers to execute instructions through a community.

See also  Magic Keyboard vulnerability permits takeover of iOS, Android, Linux, and MacOS gadgets

The next variations of the software program are impacted –

  • QTS 5.1.x (Mounted in QTS 5.1.0.2399 construct 20230515 and later)
  • QTS 4.3.6 (Mounted in QTS 4.3.6.2441 construct 20230621 and later)
  • QTS 4.3.4 (Mounted in QTS 4.3.4.2451 construct 20230621 and later)
  • QTS 4.3.3 (Mounted in QTS 4.3.3.2420 construct 20230621 and later)
  • QTS 4.2.x (Mounted in QTS 4.2.6 construct 20230621 and later)
  • Multimedia Console 2.1.x (Mounted in Multimedia Console 2.1.2 (2023/05/04) and later)
  • Multimedia Console 1.4.x (Mounted in Multimedia Console 1.4.8 (2023/05/05) and later)
  • Media Streaming add-on 500.1.x (Mounted in Media Streaming add-on 500.1.1.2 (2023/06/12) and later)
  • Media Streaming add-on 500.0.x (Mounted in Media Streaming add-on 500.0.0.11 (2023/06/16) and later)

With QNAP gadgets exploited for ransomware assaults up to now, customers working one of many aforementioned variations are urged to replace to the most recent model to mitigate potential threats.

The event comes weeks after the Taiwanese firm disclosed it took down a malicious server utilized in widespread brute-force assaults focusing on internet-exposed network-attached storage (NAS) gadgets with weak passwords.

See also  URGENT: Improve GitLab - Vital Workspace Creation Flaw Permits File Overwrite

- Advertisment -spot_img
RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -

Most Popular