Security Alert (A24-10-28): Multiple Vulnerabilities in QNAP Products


 

Published on: 31 October 2024

  
  

Description:

QNAP has published security advisories to address multiple vulnerabilities in QNAP products. The list of patches can be found at:
https://www.qnap.com/en/security-advisory/qsa-24-41
https://www.qnap.com/en/security-advisory/qsa-24-42

 

Affected Systems:

  • QNAP NAS devices running HBS 3 Hybrid Backup Sync versions prior to 25.1.1.673
  • QNAP NAS devices running SMB Service versions prior to 4.15.002, h4.15.002

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

 

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution on an affected system.

 

Recommendation:

Patches for affected systems are available. System administrators of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.qnap.com/en/security-advisory/qsa-24-41
  • https://www.qnap.com/en/security-advisory/qsa-24-42
  • https://www.hkcert.org/security-bulletin/qnap-nas-remote-code-execution-vulnerability_20241031
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-50387 (to CVE-2024-50388)


Tag: NAS , HBS , SMB
Tags