QNAP Fixes Several Vulnerabilities Affecting High-End NAS Devices


QNAP has released fixes for several vulnerabilities affecting the QTS and QuTS hero operating systems. In addition to the three high severity vulnerabilities below, the security advisory also addresses two medium severity vulnerabilities and three low severity vulnerabilities.

QuTS is QNAP’s operating system for high-end enterprise NAS devices. Vulnerability Details CVE-2024-48865: An improper certificate validation vulnerability with a CVSSv4 score of 7.3. If exploited, an attacker with local network access could compromise the security of the system.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • 7-Zip bug could allow a bypass of a Windows security feature – update now

    January 22, 2025

    A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that ...

  • Hackers are exploiting a new Fortinet firewall bug to breach company networks

    January 14, 2025

    Security researchers say malicious hackers have been exploiting a newly discovered vulnerability in Fortinet firewalls to break into corporate and enterprise networks. In an advisory published Tuesday, security product maker Fortinet confirmed that a critical-rated vulnerability in its FortiGate firewalls, tracked as CVE-2024-55591, is “being exploited in the wild.” Fortinet made patches available, but security researchers ...

  • Patch Tuesday – January 2025

    January 14, 2025

    Microsoft is addressing 161 vulnerabilities this January 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for eight of the vulnerabilities published today, with three listed on CISA KEV. This is now the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them as critical severity ...

  • Attackers exploiting a patched FortiClient EMS vulnerability in the wild

    December 19, 2024

    During a recent incident response, Kaspersky’s GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company’s networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of SQL command input making the system susceptible to an SQL injection. It specifically ...

  • BeyondTrust security advisory addresses a vulnerability in the Remote Support and Privileged Remote Access systems

    December 17, 2024

    BeyondTrust has released a security advisory that addresses a vulnerability in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments. CVE-2024-12356 has a CVSSv3 score of 9.8 and if exploited could ...

  • Update now! Apple releases new security patches for vulnerabilities in iPhones, Macs, and more

    December 12, 2024

    Apple has released security patches for most of its operating systems, including iOS, Mac, iPadOS, Safari, and visionOS. To check if you’re using the latest software version, go to Settings (or System Settings) > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already, which you can do on the same ...