
QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices


QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution.

Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud.

“If exploited, the vulnerability could allow distant attackers to execute commands by means of a network,” the company said in an advisory published over the weekend.

The shortcoming affects the versions below –

  • QTS 5..x (Fixed in QTS 5..1.2376 build 20230421 and later)
  • QTS 4.5.x (Fixed in QTS 4.5.4.2374 build 20230416 and later)
  • QuTS hero h5..x (Fixed in QuTS hero h5..1.2376 build 20230421 and later)
  • QuTS hero h4.5.x (Fixed in QuTS hero h4.5.4.2374 build 20230417 and later)
  • QuTScloud c5..x (Fixed in QuTScloud c5..1.2374 and later)

QNAP also fixed a second command injection flaw in QTS, Multimedia Console, and Media Streaming add-on (CVE-2023-23369, CVSS score: 9.) that could allow remote attackers to execute commands via a network.

The following versions of the software are impacted –

  • QTS 5.1.x (Fixed in QTS 5.1..2399 build 20230515 and later)
  • QTS 4.3.6 (Fixed in QTS 4.3.6.2441 build 20230621 and later)
  • QTS 4.3.4 (Fixed in QTS 4.3.4.2451 build 20230621 and later)
  • QTS 4.3.3 (Fixed in QTS 4.3.3.2420 build 20230621 and later)
  • QTS 4.2.x (Fixed in QTS 4.2.6 build 20230621 and later)
  • Multimedia Console 2.1.x (Fixed in Multimedia Console 2.1.2 (2023/05/04) and later)
  • Multimedia Console 1.4.x (Fixed in Multimedia Console 1.4.8 (2023/05/05) and later)
  • Media Streaming add-on 500.1.x (Fixed in Media Streaming add-on 500.1.1.2 (2023/06/12) and later)
  • Media Streaming add-on 500..x (Fixed in Media Streaming add-on 500…11 (2023/06/16) and later)

With QNAP devices exploited for ransomware attacks in the past, users running one of the aforementioned versions are urged to update to the latest version to mitigate potential threats.

The development comes weeks after the Taiwanese company disclosed it took down a malicious server used in widespread brute-force attacks targeting internet-exposed network-attached storage (NAS) devices with weak passwords.


Some parts of this article are sourced from:
thehackernews.com
