QNAP patched three vulnerabilities in its network-attached storage (NAS) products, one of which with a critical CVSS score of 9.8, and the other two of medium severity, both which have CVSS scores well under 5.0. In a March 9 advisory to its customers, QNAP said, if exploited, the critical flaw — CVE-2024-21899 — the improper authentication bug could let users compromise the security of the system via a network.
Source: SC Magazine