February 5, 2024 at 06:06PM
Taiwan-based QNAP Systems has released patches for two dozen vulnerabilities across its products, including high-severity flaws leading to command execution and critical resource access in QTS, QuTS hero, QuTScloud, and Qsync Central. The vulnerabilities could allow for code execution, DoS attacks, and data leakage. No known attacks have exploited these vulnerabilities.
Based on the meeting notes, QNAP Systems has addressed multiple high-severity vulnerabilities in its products, including OS command injection flaws and SQL injection vulnerabilities. The company has released patches for these vulnerabilities, which impact various versions of QTS, QuTS hero, and QuTScloud. Additionally, QNAP has resolved a high-severity vulnerability in Qsync Central versions 4.4.x and 4.3.x, which could potentially allow authenticated users to read or modify critical resources. In addition to high-severity vulnerabilities, QNAP has also released patches for medium-severity vulnerabilities that could lead to various potential security risks. The company has not mentioned any active exploitation of these vulnerabilities in attacks. More information about these vulnerabilities can be found on QNAP’s security advisories page.