QNAP warns of critical command injection flaws in QTS OS, apps

QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices. The first flaw is being tracked as CVE-2023-23368 and has a critical severity rating of 9.8 out of 10. It is a command injection vulnerability that a remote attacker can exploit to execute commands via a network.

11/8/2023

Fixes are available in the following releases:

  • QTS 5.0.1.2376 build 20230421 and later

  • QTS 4.5.4.2374 build 20230416 and later

  • QuTS hero h5.0.1.2376 build 20230421 and later

  • QuTS hero h4.5.4.2374 build 20230417 and later

  • QuTScloud c5.0.1.2374 and later

The second vulnerability, CVE-2023-23369, has a lower severity rating of 9.0. A remote attacker could also exploit it to the same effect as the first flaw.

More Information: https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-command-injection-flaws-in-qts-os-apps/