
QNAP: critical intervention to resolve security flaws in NAS

Urgent security measures: QTS, QuTS hero and QuTScloud updated to counter serious threats

QNAP has released updates to fix two serious vulnerabilities in its NAS devices, which could allow attackers to execute commands. It is urgent to install these updates.


QNAP Systems has released security alerts describing two significant command injection vulnerabilities that affect multiple versions of the QTS, QuTS hero and QuTScloud firmware on its network-attached storage (NAS) devices. Cyber security analyst Pierluigi Paganini highlighted the seriousness of the threat that these flaws represent.

Identification and risk of security flaws

Tracked as CVE-2023-23368, the first vulnerability has a severity score of 9.8, which places it among the critical-risk issues. A malicious user can exploit this flaw to execute unauthorized commands over the network. The second vulnerability, tracked as CVE-2023-23369, has a severity score of 9.0 and poses a similarly high risk.

Corrective measures for QNAP NAS

Users of affected QNAP NAS devices should promptly apply the security updates provided by the company. These updates are essential to block attacks by malicious actors, who have previously conducted malware campaigns aimed at exploiting outdated QNAP NAS firmware versions.

Update information and procedures

Network administrators should check the firmware update section of the device management interface for new releases, then download and install the most recent versions to mitigate the risk. The Multimedia Console and Media Streaming add-on components also need to be checked and updated via the device's App Center. Finally, experts advise against paying ransoms in the event of an attack, as payment does not guarantee that the data compromise will be resolved.


11/07/2023 21:10

Editorial AI
