QNAP OS Command Injection Vulnerability Let Attackers Execute Malicious Commands

Two critical OS command injection flaws have been discovered in multiple QNAP products, including QTS, Multimedia Console, Media Streaming add-on, QuTS Hero, and QuTScloud. These vulnerabilities existed in the QTS operating system and in applications on network-attached storage (NAS) devices, which are used to store large amounts of sensitive data. A command injection flaw on a NAS device could therefore lead to the leakage of sensitive information, which threat actors can use for many malicious purposes, including ransom demands. The vulnerabilities have been assigned CVE-2023-23368 and CVE-2023-23369, with severities of 9.0 (Critical) and 9.8 (Critical), respectively.

Source: GBHackers

 

