QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution.
Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud.
“If exploited, the vulnerability could allow remote attackers to execute commands via a network,” the company said in an advisory published over the weekend.
The shortcoming spans the below versions –
Also fixed by QNAP is another command injection flaw in QTS, Multimedia Console, and Media Streaming add-on (CVE-2023-23369, CVSS score: 9.0) that could allow remote attackers to execute commands via a network.
The following versions of the software are impacted –
With QNAP devices exploited for ransomware attacks in the past, users running one of the aforementioned versions are urged to update to the latest version to mitigate potential threats.
The development comes weeks after the Taiwanese company disclosed it took down a malicious server used in widespread brute-force attacks targeting internet-exposed network-attached storage (NAS) devices with weak passwords.
Join us for our webinar to learn how to tackle challenges, launch a program, and choose the right solution.
Join the conversation to learn how to combat Zenbleed and Kubernetes attacks.
Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.

source