QNAP warns of essential command injection flaws in QTS OS, apps







QNAP warns of critical command injection flaws in QTS OS, apps

QNAP Programs printed safety advisories for 2 essential command injection vulnerabilities that influence a number of variations of the QTS working system and functions on its network-attached storage (NAS) units.

The primary flaw is being tracked as CVE-2023-23368 and has a essential severity score of 9.8 out of 10. It’s a command injection vulnerability {that a} distant attacker can exploit to execute instructions through a community.

QTS variations affected by the safety subject are QTS 5.0.x and 4.5.x, QuTS hero h5.0.x and h4.5.x, and QuTScloud c5.0.1.

Fixes can be found within the following releases: 

  • QTS construct 20230421 and later
  • QTS construct 20230416 and later
  • QuTS hero h5.0.1.2376 construct 20230421 and later
  • QuTS hero h4.5.4.2374 construct 20230417 and later
  • QuTScloud c5.0.1.2374 and later

The second vulnerability is recognized as CVE-2023-23369 and has a decrease severity score of 9.0 and is also exploited by a distant attacker to the identical impact because the earlier one.

Impacted QTS variations embrace 5.1.x, 4.3.6, 4.3.4, 4.3.3, and 4.2.x, Multimedia Console 2.1.x and 1.4.x, and Media Streaming add-on 500.1.x and 500.0.x.

Fixes can be found in:

  • QTS construct 20230515 and later
  • QTS construct 20230621 and later
  • QTS construct 20230621 and later
  • QTS construct 20230621 and later
  • QTS 4.2.6 construct 20230621 and later
  • Multimedia Console 2.1.2 (2023/05/04) and later
  • Multimedia Console 1.4.8 (2023/05/05) and later
  • Media Streaming add-on 500.1.1.2 (2023/06/12) and later
  • Media Streaming add-on 500.0.0.11 (2023/06/16) and later

To replace QTS, QuTS hero, or QuTScloud, directors can log in and navigate to Management Panel > System > Firmware Replace, and click on on “Examine for Replace” beneath Dwell Replace to obtain and set up the newest model. Updates are additionally out there as handbook downloads from QNAP’s web site.

Updating the Multimedia Console is feasible by on the lookout for the set up within the App Middle and clicking the “Replace” button (out there provided that a more recent model exists). The method is analogous for updating the Media Streaming add-on, which customers also can find by looking out the App Middle.

Since NAS units are sometimes used to retailer information, command execution flaws may have a severe influence as cybercriminals are sometimes on the lookout for new targets to steal and/or encrypt delicate information from. Attackers can then demand a ransom from the sufferer to not leak the info or to decrypt it.

QNAP units have been focused up to now in large-scale ransomware assaults. A yr in the past, the Deadbolt ransomware gang exploited a zero-day vulnerability to encrypt NAS units uncovered on the general public web.

That mentioned, QNAP customers are suggested to use the out there safety updates as quickly as attainable.


Supply hyperlink

Share this


Google Presents 3 Suggestions For Checking Technical web optimization Points

Google printed a video providing three ideas for utilizing search console to establish technical points that may be inflicting indexing or rating issues. Three...

A easy snapshot reveals how computational pictures can shock and alarm us

Whereas Tessa Coates was making an attempt on wedding ceremony clothes final month, she posted a seemingly easy snapshot of herself on Instagram...

Recent articles

More like this


Please enter your comment!
Please enter your name here