December 10, 2023

QNAP has addressed two critical command injection vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369, that impact the QTS operating system and applications on its network-attached storage (NAS) devices.

The vulnerability CVE-2023-23368 with a CVSS score 9.8 is an OS command injection issue that could be exploited by a remote attacker to execute commands via a network.

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute commands via a network.

Advertisements

The vulnerability CVE-2023-23369 with a CVSS score 9.0 could be exploited by a remote attacker to execute commands via a network.

An OS command injection vulnerability has been reported to affect several QNAP operating systems and application versions. If exploited, the vulnerability could allow remote attackers to execute commands via a network.

Customers are urged to address both vulnerabilities to prevent threat actors from exploiting them to take over devices running the vulnerable software.

Tags:

1 thought on “QNAP addresses critical vulnerabilities in its products

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may have missed

TheCyberThrone Security Week In Review – December 2nd & 10th, 2023

December 10, 2023

5Ghoul Vulnerabilities affects 5G devices

December 10, 2023

Microsoft EDGE Browser Critical Sandbox Escape Vulnerability – CVE-2023-35618

December 9, 2023

WordPress POP CMS Vulnerability

December 9, 2023

Apache Struts fixes Critical Vulnerability – CVE-2023-50164

December 8, 2023

Meta enables Messenger with E2EE by Default

December 8, 2023 2
%d