Critical Vulnerability in QNAP Products

Published on 15 Mar 2024

QNAP has released security updates to address a critical vulnerability (CVE-2024-21899) affecting their QTS, QuTS hero, QuTScloud, and myQNAPcloud products. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 9.8 out of 10.

Successful exploitation of the authentication bypass vulnerability could allow a remote attacker to gain unauthorised access to the Network Attached Storage (NAS) device, resulting in high impact to confidentiality, integrity, and availability of the system.

The vulnerability affects the following products:
  • QTS 5.1.x
  • QTS 4.5.x
  • QuTS hero h5.1.x
  • QuTS hero h4.5.x
  • QuTScloud c5.x
  • myQNAPcloud 1.0.x service

Users and administrators of affected products are advised to update to the latest versions immediately.

More information is available here:
https://www.qnap.com/en/security-advisory/qsa-24-09
https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices/