Multiple NAS devices, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, are vulnerable to three critical severity flaws. Tracked as CVE-2024-21899, CVE-2024-21900, & CVE-2024-21901, the vulnerabilities could allow authenticated administrators to inject malicious code via a network that compromises the system’s security.
Tag: QNAP NAS
QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)
Two OS command injection vulnerabilities impact the operating systems embedded in the firmware of QNAP’s popular network-attached storage (NAS) devices. Tracked as CVE-2023-47218 and CVE-2023-50358, the vulnerabilities may allow users to execute commands via a network. The vulnerabilities affect QNAP operating systems such as QTS, QuTS Hero, and QuTS Cloud. CVE-2023-47218 can be exploited by … Continue reading “QNAP QTS OS Command Injection Vulnerabilities (CVE-2023-47218 & CVE-2023-50358)”
QSnatch malware aka “Derek” multiple vulnerabilities
In mid-June 2020, QNAP devices were found to be vulnerable to older Qsnatch malware campaigns of 2014 and 2017. Description The vulnerabilities due to Qsnatch has high to critical impact on QNAP NAS devices. A joint advisory published by CISA and NCSC says that “it has infected 62,000 devices worldwide, including 3900 in the UK … Continue reading “QSnatch malware aka “Derek” multiple vulnerabilities”