Critical PHP flaw exposes QNAP NAS devices to RCE attacks

QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution.

“A vulnerability has been reported to affect PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11. If exploited, the vulnerability allows attackers to gain remote code execution,” QNAP explained in a security advisory released today.

“To secure your device, we recommend regularly updating your system to the latest version to benefit from vulnerability fixes.”

Read more…
Source: Bleeping Computer