QNAP

Pierluigi Paganini May 21, 2024
Experts released PoC exploit code for RCE in QNAP QTS

Experts warn of fifteen vulnerabilities in the QNAP QTS, the operating system for the Taiwanese vendor’s NAS products. An audit of QNAP QTS conducted by WatchTowr Labs revealed fifteen vulnerabilities, most of which have yet to be addressed. The most severe vulnerability is a flaw tracked as CVE-2024-27130. The issue is an unpatched stack buffer […]

Pierluigi Paganini November 06, 2023
QNAP fixed two critical vulnerabilities in QTS OS and apps

Taiwanese vendor QNAP warns of two critical command injection flaws in the QTS operating system and applications on its NAS devices. Taiwanese vendor QNAP Systems addressed two critical command injection vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369, that impact the QTS operating system and applications on its network-attached storage (NAS) devices. The vulnerability CVE-2023-23368 (CVSS score […]

Pierluigi Paganini March 29, 2023
QNAP fixed Sudo privilege escalation bug in NAS devices

Taiwanese vendor QNAP warns customers to patch a high-severity Sudo privilege escalation bug affecting NAS devices. Taiwanese vendor QNAP warns customers to update their network-attached storage (NAS) devices to address a high-severity Sudo privilege escalation vulnerability tracked as CVE-2023-22809. The company states that the vulnerability affects QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances) […]

Pierluigi Paganini February 02, 2023
Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw

Censys found 30,000 internet-facing QNAP appliances potentially impacted by a recently disclosed critical code injection flaw. On January 30, Taiwanese vendor QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code […]

Pierluigi Paganini January 30, 2023
QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code […]

Pierluigi Paganini September 05, 2022
QNAP warns new Deadbolt ransomware attacks exploiting zero-day

QNAP warns customers of ongoing DeadBolt ransomware attacks that are exploiting a zero-day vulnerability in Photo Station. QNAP warns customers of an ongoing wave of DeadBolt ransomware attacks, threat actors are exploiting a zero-day vulnerability in Photo Station. The attacks started on Saturday meantime the Taiwanese vendor has addressed the vulnerability. “QNAP Systems, Inc. today […]

Pierluigi Paganini July 08, 2022
New Checkmate ransomware target QNAP NAS devices

Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese vendor QNAP is warning of a new family of ransomware targeting its NAS devices using weak passwords. Threat actors are targeting devices exposed online with the SMB service enabled, they perform brute-force attacks against accounts […]

Pierluigi Paganini June 23, 2022
QNAP warns of a critical PHP flaw that could lead to remote code execution

Taiwanese company QNAP is addressing a critical PHP vulnerability that could be exploited to achieve remote code execution. Taiwanese vendor QNAP is addressing a critical PHP vulnerability, tracked as CVE-2019-11043 (CVSS score 9.8 out of 10), that could be exploited to achieve remote code execution. In certain configurations of FPM setup it is possible to […]

Pierluigi Paganini May 06, 2022
QNAP fixes multiple flaws, including a QVR RCE vulnerability

QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP has addressed multiple vulnerabilities, including a critical security issue, tracked as CVE-2022-27588 (CVSS score of 9.8), that could be exploited by a remote attacker to execute arbitrary commands on vulnerable QVR systems. QNAP QVR is a video surveillance […]

Pierluigi Paganini May 01, 2022
Synology and QNAP warn of critical Netatalk flaws in some of their products

Synology warns customers that some of its NAS devices are affected by multiple critical Netatalk vulnerabilities. Synology has warned customers that multiple critical Netatalk vulnerabilities affect some of its network-attached storage (NAS) devices. Netatalk is a free, open-source implementation of the Apple Filing Protocol that allows Unix-like operating systems to serve as a file server for macOS computers. QNAP NAS devices support the AFP protocol to […]