Security News

Emergency patches released for critical vulns impacting EOL Zyxel NAS boxes
2024-06-05 17:30

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
2024-06-05 07:10

Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status. Successful...

Zyxel issues emergency RCE patch for end-of-life NAS devices
2024-06-04 17:28

Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. Although both NAS models reached the end of their support period on December 31, 2023, Zyxel released fixes for the three critical flaws in versions 5.21(AAZF.17)C0 for NAS326 and 5.21(ABAG.14)C0 for NAS542.

QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
2024-05-22 05:15

Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached...

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)
2024-05-21 14:16

Researchers have found 15 vulnerabilities in QNAP's network attached storage devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability that may be leveraged for remote code execution. "Given the shared-access model of the NAS device, which permits sharing files with specific users, both authenticated and unauthenticated bugs were of interest to us," they said.

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks
2024-04-09 05:46

Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D-Link network-attached storage (NAS) devices. Tracked...

Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
2024-04-08 22:17

Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage devices exposed online and unpatched against a critical remote code execution zero-day flaw. Mirai variants are usually designed to add infected devices to a botnet that can be used in large-scale distributed denial-of-service attacks.

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)
2024-04-08 09:00

A vulnerability in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found.The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive shell has popped up on GitHub.

Over 92,000 exposed D-Link NAS devices have a backdoor account
2024-04-06 14:16

A threat researcher has disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage device models. The two main issues contributing to the flaw, tracked as CVE-2024-3273, are a backdoor facilitated through a hardcoded account and a command injection problem via the "System" parameter.

QNAP warns of critical auth bypass flaw in its NAS devices
2024-03-08 20:03

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. NAS devices often store large amounts of valuable data for businesses and individuals, including sensitive personal information, intellectual property, and critical business data.