Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
QNAP fixes even more serious security flaws on its NAS devices
#1
QNAP has released a series of new patches which fix multiple high severity vulnerabilities that impact its NAS devices running the QES, QTS and QuTS hero operating systems.
In total, this latest round of security updates patch six vulnerabilities that affect older versions of the NAS maker's FreeBSD, Linux and 128-bit ZFS based operating systems.
TIM Security Red Team Research, Lodestone Security and the CFF of Topsec Alpha Team discovered and reported these security bugs to QNAP which if left unpatched, could be used to carry out command injection or cross-site scripting (XSS) on the company's NAS devices.
While the XSS vulnerabilities could allow a remote attacker to inject malicious code into vulnerable versions of QNAP's apps, the command injection bugs could be used to elevate privileges, execute arbitrary commands or even take over a device's underlying operating system.

Source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices mrtrout 0 558 06-22-2023 , 10:05 PM
Last Post: mrtrout
  QNAP warns of new Checkmate ransomware targeting NAS devices mrtrout 0 756 07-07-2022 , 11:13 PM
Last Post: mrtrout
  Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws mrtrout 0 689 11-09-2021 , 10:20 PM
Last Post: mrtrout
  Google releases Chrome 90 with HTTPS by default and security fixes Imran 0 1,169 04-15-2021 , 03:00 PM
Last Post: Imran
  NVIDIA fixes high severity flaws affecting Windows, Linux devices tarekma7 0 1,060 01-09-2021 , 05:28 PM
Last Post: tarekma7



Users browsing this thread: 1 Guest(s)