Security News > 2020 > May > Vulnerabilities Exposed Hundreds of Thousands of QNAP NAS Devices to Attacks
Three vulnerabilities identified in QNAP Photo Station last year could be chained to achieve pre-authentication remote code execution on affected QNAP network-attached storage devices.
QNAP Photo Station is a photo album application that is present on the majority of QNAP NAS systems, allowing users to easily organize photos and videos on those devices, as well as to share them with others over the Internet.
All QNAP NAS devices with Photo Station on them would be impacted by these issues, thus being exposed to attacks, Huang explains.
QNAP issued patches for these vulnerabilities in November last year, confirming that multiple versions of QTS and Photo Station are impacted.
All QNAP NAS devices running Photo Station that do not run the latest versions of QTS and Photo Station are exposed to attacks looking to exploit these vulnerabilities.
News URL
Related news
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) (source)
- OvrC Platform Vulnerabilities Expose IoT Devices to Remote Attacks and Code Execution (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- QNAP pulls buggy QTS firmware causing widespread NAS issues (source)
- QNAP addresses critical flaws across NAS, router software (source)
- VPN vulnerabilities, weak credentials fuel ransomware attacks (source)