December 3, 2023

QNAP, a manufacturer of network-attached storage (NAS) systems, issued a warning to its users regarding a critical vulnerability that can be exploited through the Sudo program for Linux.

The vulnerability, named CVE-2023-22809, can potentially allow attackers to gain elevated privileges via Sudo versions 1.8.0 through 1.9.12p1, potentially resulting in unauthorized access to a user’s data. While there have been no reported cases of the vulnerability being exploited,.


QNAP has urged its customers to update their storage systems as soon as possible. All QNAP systems running QTS, QuTS hero, QuTScloud, QVP, and QVP Pro operating systems are at risk, and users are advised to check for updates regularly.

QNAP already released updates for QTS version (build 20230322 and newer) and QuTS hero version h5.0.1.2348 (build 20230324 and newer), which can be installed via the Firmware Update heading in the Control Panel under System.

QNAP is still working on updates for the other operating systems listed and will notify users once they become available

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: