September 22, 2023

QNAP has warned customers to install firmware updates that fix five security vulnerabilities affecting its NAS devices. These vulnerabilities could allow attackers to execute commands or launch denial-of-service (DoS) attacks.

CVE-2023-23362: QNAP discovered an OS command injection vulnerability of high severity. When exploited, this vulnerability grants authenticated users the capability to execute commands over the network.

Affected versions are given below:

  • QTS 5.0.1.2376 build 20230421 and later
  • QTS 4.5.4.2374 build 20230416 and later
  • QuTS hero h5.0.1.2376 build 20230421 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

CVE-2023-23358 & CVE-2023-23359: QNAP uncovered two out-of-bounds write vulnerabilities. Once exploited, these allow authenticated users to initiate a DoS attack over the network.

CVE-2023-23360 & CVE-2023-23361: QNAP has also discovered two NULL pointer dereference vulnerabilities, again potentially leading to DoS attacks via the network.

Versions Affected by DoS Vulnerabilities:

  • QTS 5.0.1.2346 build 20230322 and later
  • QTS 4.5.4.2374 build 20230416 and later
  • QuTS hero h5.0.1.2348 build 20230324 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

QNAP strongly advises its customers to update their systems promptly so that they benefit from the vulnerability fixes.
