QNAP fixes host of security updates following major issues
Date:
Tue, 26 Nov 2024 14:05:00 +0000
Description:
Almost two dozen flaws, including some critical issues, fixed in various QNAP products.
FULL STORY ======================================================================
QNAP addresses 17 vulnerabilities with a variety of patches
Among the affected products are Notes Station 3, QuRouter, and others
Some of the bugs are deemed critical and highly dangerous
QNAP has released fixes for a number of security vulnerabilities, including several flaws deemed critical.
In total, QNAP addressed 17 different vulnerabilities, and the full detailed list can be found at this link. Since many of the flaws are critical and can be used to take over endpoints, steal sensitive data, and deploy malware, users are advised to apply the patches as soon as possible.
In its security advisory, QNAP said the vulnerabilities affected Notes Station 3, QuRouter, AI Core, QuLog Center, QTS, and QuTS Hero.
Patches and fixes
The most severe of the bugs is an OS command injection flaw that allows threat actors to run arbitrary commands on the target system. It impacts QNAP's high-speed, secure routers running QuRouter 2.4.x. It is tracked as CVE-2024-48860 and has a severity score of 9.5 (critical).
The second most severe critical vulnerability is tracked as CVE-2024-38645 and has a score of 9.4. It was found in QNAP's note-taking and collaboration application, Notes Station 3. It is described as a server-side request forgery (SSRF) bug that enables threat actors with authentication credentials to send custom-built requests and ultimately expose sensitive app data.
Another Notes Station 3 flaw made the top three, CVE-2024-38643, with a severity score of 9.3. This missing authentication for critical functions bug allows crooks to gain unauthorized access and run different system functions, which can lead to credential theft and system compromise.
QNAP devices are extremely popular targets for cybercriminals, and as such should be handled with care. Security experts advise that these devices never be connected directly to the internet, but rather be protected behind a VPN.
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/qnap-fixes-host-of-security-updates-following-major-issues
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)