BleepingComputer reports that updates have been issued by QNAP to remediate several flaws impacting its routers, network-attached storage app, and other offerings, three of which were critical.
The most severe of the addressed vulnerabilities is an OS command injection flaw in QNAP's QuRouter 2.4.x offerings, tracked as CVE-2024-48860, which could be leveraged for remote command execution. QNAP's Notes Station 3 note-taking and collaboration app for NAS systems is affected by a pair of critical bugs: a flaw involving missing authentication for critical functions, tracked as CVE-2024-38643, and a server-side request forgery issue, tracked as CVE-2024-38645. A high-severity command injection flaw in QuRouter, tracked as CVE-2024-48861, and high-severity command injection and unauthorized data access issues in QNAP Notes Station 3, tracked as CVE-2024-38644 and CVE-2024-38646, have also been patched. QNAP has also fixed numerous other high-severity vulnerabilities impacting its QNAP AI Core, QTS, QuTS Hero, and QuLog Center products.