TechRadar Posted March 11 Share Posted March 11 QNAP is sounding the alarm on its NAS devices, saying they’re vulnerable to flaws that could result in dangerous cyberattacks.The company has said some of its QTS, QuTS hero, QuTScloud, and myQNAPcloud products were vulnerable to three distinct flaws, one of which was particularly dangerous.That flaw is tracked as CVE-2024-21899, and described as an improper authentication mechanism. Hackers can use this vulnerability, the company explained, to remotely compromise the target system’s security, through the network. The other two vulnerabilities are tracked as CVE-2024-21900, and CVE-2024-21901. The former allows for arbitrary command execution, while the latter malicious SQL code injection. The difference between these two, and the first one, is that only the first one can be abused remotely, and without the need for authentication upfront. Patch, or face the consequences The versions of QNAP’s operating system vulnerable to these flaws are QTS 5.1.x, QTS 4.5.x, QuTS hero h5.1.x, QuTS hero h4.5.x, QuTScloud c5.x, and the myQNAPcloud 1.0.x service.To defend against potential attackers, QNAP NAS users are advised to upgrade their instances to these versions:QTS 5.1.3.2578 build 20231110 and later QTS 4.5.4.2627 build 20231225 and later QuTS hero h5.1.3.2578 build 20231110 and later QuTS hero h4.5.4.2626 build 20231225 and later QuTScloud c5.1.5.2651 and later myQNAPcloud 1.0.52 (2023/11/24) and laterQNAP’s NAS devices are popular among SMBs, which makes them a major target for cybercrooks. The Taiwanese manufacturer often discovers, and patches, high severity and critical vulnerabilities, and users are advised to keep track and apply the patch at the earliest moment. Roughly a month ago, QNAP patched 24 vulnerabilities across its product range, including two high-severity flaws that could enable command execution, and in late January, QNAP patched a dangerous flaw affecting QTS 5.0.1 and QuTS hero h.5.0.1.Via BleepingComputer More from TechRadar Pro QNAP urges customers to update now to stay safe from dangerous security flawHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.