1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • QNAP warns its NAS devices are facing a critical security flaw b

    From TechnologyDaily@1337:1/100 to All on Mon Mar 11 16:15:05 2024
    QNAP warns its NAS devices are facing a critical security flaw but a patch
    is available, so update now

    Date:
    Mon, 11 Mar 2024 16:01:33 +0000

    Description:
    A flaw allows malware to be executed remotely without authentication on QNAP NAS devices.

    FULL STORY ======================================================================

    QNAP is sounding the alarm on its NAS devices , saying theyre vulnerable to flaws that could result in dangerous cyberattacks.

    The company has said some of its QTS, QuTS hero, QuTScloud, and myQNAPcloud products were vulnerable to three distinct flaws, one of which was particularly dangerous.

    That flaw is tracked as CVE-2024-21899, and described as an improper authentication mechanism. Hackers can use this vulnerability, the company explained, to remotely compromise the target systems security, through the network. The other two vulnerabilities are tracked as CVE-2024-21900, and CVE-2024-21901. The former allows for arbitrary command execution, while the latter malicious SQL code injection. The difference between these two, and
    the first one, is that only the first one can be abused remotely, and without the need for authentication upfront. Patch, or face the consequences

    The versions of QNAPs operating system vulnerable to these flaws are QTS 5.1.x, QTS 4.5.x, QuTS hero h5.1.x, QuTS hero h4.5.x, QuTScloud c5.x, and the myQNAPcloud 1.0.x service.

    To defend against potential attackers, QNAP NAS users are advised to upgrade their instances to these versions:

    QTS 5.1.3.2578 build 20231110 and later

    QTS 4.5.4.2627 build 20231225 and later

    QuTS hero h5.1.3.2578 build 20231110 and later

    QuTS hero h4.5.4.2626 build 20231225 and later

    QuTScloud c5.1.5.2651 and later

    myQNAPcloud 1.0.52 (2023/11/24) and later

    QNAPs NAS devices are popular among SMBs, which makes them a major target for cybercrooks. The Taiwanese manufacturer often discovers, and patches, high severity and critical vulnerabilities, and users are advised to keep track
    and apply the patch at the earliest moment.

    Roughly a month ago, QNAP patched 24 vulnerabilities across its product
    range, including two high-severity flaws that could enable command execution, and in late January, QNAP patched a dangerous flaw affecting QTS 5.0.1 and QuTS hero h.5.0.1.

    Via BleepingComputer More from TechRadar Pro QNAP urges customers to update now to stay safe from dangerous security flaw Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/qnap-warns-its-nas-devices-are-facing-a -critical-security-flaw-but-a-patch-is-available-so-update-now


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)