QNAP fixes host of security updates following major issues

QNAP addresses 17 vulnerabilities with a variety of patches
Among the affected products are Notes Station 3, QuRouter, and others
Some of the bugs are deemed critical and highly dangerous

QNAP has released fixes for a number of security vulnerabilities, including several flaws deemed “critical”.

In total, QNAP addressed 17 different vulnerabilities, and the full detailed list can be found on this link. Since many of the flaws are critical and can be used to take over endpoints, steal sensitive data, and deploy malware, users are advised to apply the patches as soon as possible.

In its security advisory, QNAP said the vulnerabilities affected Notes Station 3, QuRouter, AI Core, QuLog Center, QTS, and QuTS Hero.

Patches and fixes

The most severe of the bugs is an OS command injection flaw that allows threat actors to run arbitrary commands on the target system. It impacts QNAP’s high-speed, secure routers QuRouter 2.4.x. It is tracked as CVE-2024-48860 and has a severity score of 9.5 (critical).

The second-highest, critical vulnerability, is tracked as CVE-2024-38645, and has a score of 9.4. It was found in QNAP’s note-taking and collaboration application Notes Station 3, and is tracked as CVE-2024-38645. This one is described as a server-side request forgery (SSRF) bug that enables threat actors with authentication credentials to send custom-built requests and ultimately expose sensitive app data.

Another Notes Station 3 flaw made the top three, CVE-2024-38643, with a severity score of 9.3. This missing authentication for critical functions bug allows crooks to gain unauthorized access and run different system functions, which can lead to credential theft and system compromise.

QNAP devices are extremely popular targets for cybercriminals, and as such should be handled with care. Security experts advise these advices never be connected directly to the internet, but rather be protected behind a VPN.

Via BleepingComputer

https://cdn.mos.cms.futurecdn.net/UJ5CFPQLDaMmXUqcw3CEXh-1200-80.jpg

Source link

The best Black Friday JBL deals on headphones, speakers, and soundbars, all vetted by our audio expert

40% off select tools and tool accessories at Home Depot. Thank you, Black Friday.

Prime Video’s #2 most-watched show Cruel Intentions has a cruel 33% Rotten Tomatoes score – here are 3 better dramas with over 90% on...

VPN demand soars in Pakistan as internet remains restricted

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

People are driving through flames to escape this California wildfire

New ‘Westworld’ trailer introduces us to another dystopian tech company

What’s the point of ‘Charlie’s Angels’ without Sam Rockwell dancing?

These striking photos capture the future of human flight

‘Heathers’ is still the best dark comedy about high school hell

Trump vs. Harris: How the election will affect EV adoption

Lumwana’s Super Pit Expansion Officially Launched By Investing.com

How Biden could use a 1947 law to suspend the dockworkers’ strike

Why your Roth IRA conversions could have ‘unintended’ tax consequences

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays

QNAP fixes host of security updates following major issues

The best Black Friday JBL deals on headphones, speakers, and soundbars, all vetted by our audio expert

40% off select tools and tool accessories at Home Depot. Thank you, Black Friday.

Prime Video’s #2 most-watched show Cruel Intentions has a cruel 33% Rotten Tomatoes score – here are 3 better dramas with over 90% on...

VPN demand soars in Pakistan as internet remains restricted

Leave a reply Cancel reply