Latest Cyber Security News

You are here: Home / General Cyber Security News / QNAP Releases Firmware Patches for 9 New Flaws Affecting NAS Devices
May 7, 2022

QNAP, Taiwanese maker of network-hooked up storage (NAS) gadgets, on Friday released security updates to patch nine security weaknesses, together with a critical issue that could be exploited to get around an impacted technique.

“A vulnerability has been described to influence QNAP VS Collection NVR working QVR,” QNAP explained in an advisory. “If exploited, this vulnerability lets distant attackers to operate arbitrary commands.”

Tracked as CVE-2022-27588 (CVSS rating: 9.8), the vulnerability has been addressed in QVR 5.1.6 establish 20220401 and later. Credited with reporting the flaw is the Japan Laptop Emergency Response Team Coordination Center (JPCERT/CC).

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Apart from the critical shortcoming, QNAP has also settled 3 high-severity and 5 medium-severity bugs in its software package –

  • CVE-2021-38693 (CVSS score: 5.3) – A route traversal vulnerability in thttpd affecting QNAP equipment managing QTS, QuTS hero, QuTScloud, and QVR Pro Equipment, leading to facts disclosure
  • CVE-2021-44051 (CVSS score: 8.8) – A command injection vulnerability in QNAP equipment functioning QTS, QuTS hero, and QuTScloud, resulting in arbitrary command execution
  • CVE-2021-44052 (CVSS score: 6.5) – An poor hyperlink resolution right before file entry (“backlink following”) vulnerability in QNAP gadgets operating QTS, QuTS hero, and QuTScloud, allowing for attackers to browse/produce documents in arbitrary file spots
  • CVE-2021-44053 (CVSS rating: 5.7) – A cross-internet site scripting (XSS) vulnerability in QNAP products managing QTS, QuTS hero, and QuTScloud, major to code injection
  • CVE-2021-44054 (CVSS score: 4.3) – An open up redirect vulnerability in QNAP gadgets running QTS, QuTS hero, and QuTScloud, generating it feasible to redirect end users to a rogue web pages
  • CVE-2021-44055 (CVSS score: 5.3) – A lacking authorization vulnerability in QNAP units functioning Video Station, allowing for attackers to entry info or conduct unauthorized actions
  • CVE-2021-44056 (CVSS rating: 7.1) – An poor authentication vulnerability in QNAP units functioning Video clip Station, main to technique compromise
  • CVE-2021-44057 (CVSS score: 7.1) – An incorrect authentication vulnerability in QNAP devices managing Image Station, primary to method compromise

Identified this report appealing? Observe THN on Facebook, Twitter  and LinkedIn to read much more unique content material we publish.


Some areas of this posting are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *