QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices

QNAP has unveiled security updates to handle two critical security flaws impacting its working procedure that could final result in arbitrary code execution.

Tracked as CVE-2023-23368 (CVSS rating: 9.8), the vulnerability is described as a command injection bug influencing QTS, QuTS hero, and QuTScloud.

“If exploited, the vulnerability could enable distant attackers to execute instructions by means of a network,” the organization claimed in an advisory published above the weekend.

✔ Approved Seller From Our Partners

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount

The shortcoming spans the down below variations –

• QTS 5..x (Mounted in QTS 5..1.2376 build 20230421 and later)
• QTS 4.5.x (Mounted in QTS 4.5.4.2374 develop 20230416 and afterwards)
• QuTS hero h5..x (Fixed in QuTS hero h5..1.2376 build 20230421 and later)
• QuTS hero h4.5.x (Fixed in QuTS hero h4.5.4.2374 develop 20230417 and later on)
• QuTScloud c5..x (Preset in QuTScloud c5..1.2374 and later)

Also fixed by QNAP is an additional command injection flaw in QTS, Multimedia Console, and Media Streaming incorporate-on (CVE-2023-23369, CVSS score: 9.) that could make it possible for distant attackers to execute instructions by way of a network.

The adhering to variations of the software program are impacted –

• QTS 5.1.x (Fastened in QTS 5.1..2399 develop 20230515 and afterwards)
• QTS 4.3.6 (Fixed in QTS 4.3.6.2441 establish 20230621 and later on)
• QTS 4.3.4 (Fastened in QTS 4.3.4.2451 construct 20230621 and afterwards)
• QTS 4.3.3 (Mounted in QTS 4.3.3.2420 build 20230621 and later)
• QTS 4.2.x (Fixed in QTS 4.2.6 make 20230621 and afterwards)
• Multimedia Console 2.1.x (Mounted in Multimedia Console 2.1.2 (2023/05/04) and afterwards)
• Multimedia Console 1.4.x (Mounted in Multimedia Console 1.4.8 (2023/05/05) and afterwards)
• Media Streaming incorporate-on 500.1.x (Preset in Media Streaming include-on 500.1.1.2 (2023/06/12) and afterwards)
• Media Streaming insert-on 500..x (Fastened in Media Streaming increase-on 500…11 (2023/06/16) and later on)

With QNAP gadgets exploited for ransomware attacks in the past, customers jogging a single of the aforementioned variations are urged to update to the most current edition to mitigate probable threats.

The improvement will come weeks right after the Taiwanese corporation disclosed it took down a malicious server utilized in popular brute-pressure attacks concentrating on internet-uncovered network-connected storage (NAS) products with weak passwords.

Located this article attention-grabbing? Comply with us on Twitter  and LinkedIn to browse more exclusive articles we write-up.