QNAP Releases Patch for two Crucial Flaws Threatening Your NAS Gadgets

November 6, 2023

QNAP has launched security updates to handle two vital security flaws impacting its working system that might end in arbitrary code execution.

Tracked as CVE-2023-23368 (CVSS rating: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud.

“If exploited, the vulnerability might enable distant attackers to execute instructions through a community,” the corporate stated in an advisory revealed over the weekend.

The shortcoming spans the beneath variations –

QTS 5.0.x (Mounted in QTS 5.0.1.2376 construct 20230421 and later)
QTS 4.5.x (Mounted in QTS 4.5.4.2374 construct 20230416 and later)
QuTS hero h5.0.x (Mounted in QuTS hero h5.0.1.2376 construct 20230421 and later)
QuTS hero h4.5.x (Mounted in QuTS hero h4.5.4.2374 construct 20230417 and later)
QuTScloud c5.0.x (Mounted in QuTScloud c5.0.1.2374 and later)

Additionally fastened by QNAP is one other command injection flaw in QTS, Multimedia Console, and Media Streaming add-on (CVE-2023-23369, CVSS rating: 9.0) that might enable distant attackers to execute instructions through a community.

The next variations of the software program are impacted –

QTS 5.1.x (Mounted in QTS 5.1.0.2399 construct 20230515 and later)
QTS 4.3.6 (Mounted in QTS 4.3.6.2441 construct 20230621 and later)
QTS 4.3.4 (Mounted in QTS 4.3.4.2451 construct 20230621 and later)
QTS 4.3.3 (Mounted in QTS 4.3.3.2420 construct 20230621 and later)
QTS 4.2.x (Mounted in QTS 4.2.6 construct 20230621 and later)
Multimedia Console 2.1.x (Mounted in Multimedia Console 2.1.2 (2023/05/04) and later)
Multimedia Console 1.4.x (Mounted in Multimedia Console 1.4.8 (2023/05/05) and later)
Media Streaming add-on 500.1.x (Mounted in Media Streaming add-on 500.1.1.2 (2023/06/12) and later)
Media Streaming add-on 500.0.x (Mounted in Media Streaming add-on 500.0.0.11 (2023/06/16) and later)

With QNAP gadgets exploited for ransomware assaults up to now, customers working one of many aforementioned variations are urged to replace to the most recent model to mitigate potential threats.

The event comes weeks after the Taiwanese firm disclosed it took down a malicious server utilized in widespread brute-force assaults focusing on internet-exposed network-attached storage (NAS) gadgets with weak passwords.

- Advertisment -

QNAP Releases Patch for two Crucial Flaws Threatening Your NAS Gadgets

Job termination rip-off warns employees of phony Employment Tribunal determination

Over 2,000 Palo Alto Networks Units Hacked in Ongoing Attack Marketing campaign

Google’s AI-Powered OSS-Fuzz Software Finds 26 Vulnerabilities in Open-Supply Tasks

LEAVE A REPLY Cancel reply

Most Popular

Why Instagram Threads is a hotbed of dangers for companies

1000’s of Juniper gadgets susceptible to unauthenticated RCE flaw

Phishing Campaigns Ship New SideTwist Backdoor and Agent Tesla Variant

Prospects warned to cancel bank cards

Telesign launches built-in API to mix conventional id verification channels

Atlas VPN zero-day vulnerability leaks customers’ actual IP tackle

Meet the cyber-criminals of 2023

EDITOR PICKS

10 issues it’s best to find out about navigating the darkish net

Fujitsu confirms buyer information uncovered in March cyberattack

NIST is lastly getting assist with the Nationwide Vulnerability Database backlog

POPULAR News

Why Instagram Threads is a hotbed of dangers for companies

1000’s of Juniper gadgets susceptible to unauthenticated RCE flaw

Phishing Campaigns Ship New SideTwist Backdoor and Agent Tesla Variant

POPULAR TAGS

POPULAR Tags

POPULAR Tags

ABOUT US

FOLLOW US