The Cyber Security News

QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates

January 31, 2023

Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection.

Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects QTS 5..1 and QuTS hero h5..1.

“If exploited, this vulnerability will allow distant attackers to inject malicious code,” QNAP stated in an advisory released Monday.

The exact technical specifics surrounding the flaw are unclear, but the NIST National Vulnerability Database (NVD) has classified it as an SQL injection vulnerability.

This means an attacker could send specially crafted SQL queries such that they could be weaponized to bypass security controls and access or alter valuable information.

“Just as it might be attainable to examine sensitive details, it is also possible to make variations or even delete these details with a SQL injection attack,” according to MITRE.

The vulnerability has been addressed in versions QTS 5..1.2234 build 20221201 and later, as well as QuTS hero h5..1.2248 build 20221215 and later.

Zero-day vulnerabilities in exposed QNAP appliances have been put to use by DeadBolt ransomware actors to breach target networks, making it crucial to update to the latest version in order to mitigate potential threats.

To apply the updates, users are advised to log in to QTS or QuTS hero as an administrator, navigate to Control Panel > System > Firmware Update, and select “Check for Update” under the “Live Update” section.

Some parts of this article are sourced from:
thehackernews.com
