May 20, 2024 at 10:07AM QNAP’s vulnerabilities disclosed by watchTowr revealed 15 issues, with only 4 addressed. Six are accepted with no available patches, while the rest are still under embargo or have no solution. QNAP has a history of ransomware attacks and slow patching. CVE-2024-27130, with potential RCE, remains unpatched despite being acknowledged by … Read more
April 9, 2024 at 12:40PM A critical flaw in several end-of-life models of D-Link NAS devices, tracked as CVE-2024-3273, allows attackers to backdoor the devices, potentially accessing sensitive information and enabling other nefarious activities. D-Link advises retiring and replacing affected devices as they will no longer receive updates or support. Use unique passwords and enable … Read more
April 8, 2024 at 06:23PM Attackers target over 92,000 unpatched end-of-life D-Link NAS devices with a critical remote code execution vulnerability. Exploiting a hardcoded account and command injection flaw, threat actors deploy a Mirai malware variant to create botnets for large-scale DDoS attacks. D-Link has ceased support for these devices, advising owners to retire or … Read more
April 6, 2024 at 12:04PM A threat researcher disclosed a new arbitrary command injection and hardcoded backdoor flaw in multiple end-of-life D-Link Network Attached Storage (NAS) models, impacting their security. The flaw allows remote execution of arbitrary commands and affects over 92,000 vulnerable devices. D-Link has confirmed the end of support for these devices and … Read more
March 11, 2024 at 10:03AM Over the weekend, Taiwan-based QNAP Systems announced patches for critical vulnerabilities in several products, such as QTS, QuTS hero, and QuTScloud. The flaws could enable unauthenticated access to network-attached storage (NAS) devices. CVE-2024-21899 poses a high risk, while CVE-2024-21900 and CVE-2024-21901 present medium risks, requiring authentication for exploitation. QNAP also … Read more
February 13, 2024 at 03:05PM QNAP has disclosed and patched two vulnerabilities, including a zero-day, affecting its NAS devices. The severity of the issues is disputed, with QNAP rating one as mid-level and Unit 42 as a critical threat. The vulnerabilities can lead to remote code execution and affect numerous devices, with specific patch recommendations … Read more