Security Alert (A24-05-18): Multiple Vulnerabilities in QNAP Products


 

Published on: 22 May 2024

  
  

Description:

QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of patches can be found at:
https://www.qnap.com/en/security-advisory/qsa-24-23

 

Affected Systems:

  • QNAP NAS devices running QTS operating system versions prior to 5.1.7.2770 build 20240520
  • QNAP NAS devices running QuTS hero operating system versions prior to h5.1.7.2770 build 20240520

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, information disclosure or security restriction bypass on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/en/security-advisory/qsa-24-23
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21902
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-27127 (to CVE-2024-27130)


Tag: NAS , QTS , QuTS hero
Tags