NAS manufacturer QNAP is warning customers about critical vulnerabilities that allow attackers to inject and execute commands remotely. Various versions of the QTS operating system and applications on its NAS devices are affected.
Updates are already being distributed, so users should urgently check whether they are already up to date. The update is highly recommended – one of the vulnerabilities received a risk rating of 9.8 out of 10.
QNAP devices have been the target of large-scale ransomware attacks several times in the past. A year ago, the Deadbolt ransomware gang exploited a zero-day vulnerability to encrypt NAS devices that were freely accessible on the Internet.
To avoid major problems, updates are available for the following vulnerabilities:
The first vulnerability is tracked as CVE-2023-23368 and has a critical severity score of 9.8 out of 10. It is a command injection vulnerability that an attacker could exploit to execute commands over a network. The affected versions are QTS 5.0.x and 4.5.x, QuTS hero h5.0.x and h4.5.x, and QuTScloud c5.0.1.
The second vulnerability is listed as CVE-2023-23369 and has a severity of 9.0. It could also be exploited by a remote attacker and have the same effect as the first.
The affected versions are QTS 5.1.x, 4.3.6, 4.3.4, 4.3.3 and 4.2.x, Multimedia Console 2.1.x and 1.4.x, and Media Streaming Add-on 500.1.x and 500.0.x.
To update QTS, QuTS hero, or QuTScloud, you must log in as an administrator and navigate to Control Panel > System > Firmware Update. Click on “Check for update” under “Live Update” to download and install the latest version. Updates are also available as manual downloads from the QNAP website.