Security News > 2023 > November > QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage devices.
It is a command injection vulnerability that a remote attacker can exploit to execute commands via a network.
QTS versions affected by the security issue are QTS 5.0.x and 4.5.x, QuTS hero h5.0.x and h4.5.x, and QuTScloud c5.0.1.
To update QTS, QuTS hero, or QuTScloud, administrators can log in and navigate to Control Panel > System > Firmware Update, and click on "Check for Update" under Live Update to download and install the latest version.
Updating the Multimedia Console is possible by looking for the installation in the App Center and clicking the "Update" button.
Since NAS devices are typically used to store data, command execution flaws could have a serious impact as cybercriminals are often looking for new targets to steal and/or encrypt sensitive data from.