The Cyber Security News


QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

January 31, 2023

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection.

Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5..1 and QuTS hero h5..1.

“If exploited, this vulnerability will allow distant attackers to inject malicious code,” QNAP said in an advisory released Monday.



The exact technical details surrounding the flaw are unclear, but the NIST National Vulnerability Database (NVD) has classified it as an SQL injection vulnerability.

This means an attacker could send specially crafted SQL queries such that they could be weaponized to bypass security controls and access or alter valuable information.

“Just as it might be attainable to examine sensitive details, it is also possible to make variations or even delete these details with a SQL injection attack,” according to MITRE.

The vulnerability has been addressed in versions QTS 5..1.2234 build 20221201 and later, as well as QuTS hero h5..1.2248 build 20221215 and later.

Zero-day vulnerabilities in exposed QNAP appliances have been put to use by DeadBolt ransomware actors to breach target networks, making it crucial to update to the latest version in order to mitigate potential threats.

To apply the updates, users are advised to log in to QTS or QuTS hero as an administrator, navigate to Control Panel > System > Firmware Update, and select “Check for Update” under the “Live Update” section.



Some parts of this article are sourced from:
thehackernews.com

