Security News > 2023 > November > QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
2023-11-06 16:55
QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud. "If exploited, the vulnerability could allow remote attackers to execute commands via a network," the
News URL
https://thehackernews.com/2023/11/qnap-releases-patch-for-2-critical.html
Related news
- BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products (source)
- Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected (source)
- Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-03 | CVE-2023-23368 | Unspecified vulnerability in Qnap Qts, Quts Hero and Qutscloud An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 9.8 |