Security News > 2023 > November > QNAP Releases Patch for 2 Critical Flaws Threatening Your NAS Devices
2023-11-06 16:55
QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution. Tracked as CVE-2023-23368 (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud. "If exploited, the vulnerability could allow remote attackers to execute commands via a network," the
News URL
https://thehackernews.com/2023/11/qnap-releases-patch-for-2-critical.html
Related news
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- QNAP addresses critical flaws across NAS, router software (source)
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- D-Link won’t fix critical flaw affecting 60,000 older NAS devices (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
- Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble (source)
- QNAP pulls buggy QTS firmware causing widespread NAS issues (source)
- CISA Urges Agencies to Patch Critical "Array Networks" Flaw Amid Active Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-03 | CVE-2023-23368 | Unspecified vulnerability in Qnap Qts, Quts Hero and Qutscloud An OS command injection vulnerability has been reported to affect several QNAP operating system versions. | 9.8 |