QNAP addresses critical flaws across NAS, router software

November 25, 2024 at 05:18PM QNAP has issued security bulletins addressing multiple vulnerabilities, including three critical ones in Notes Station 3 and QuRouter. Users are urged to update to the latest versions to mitigate risks. Other products also received important fixes. QNAP advises against direct Internet connections for devices to prevent exploitation.

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models

June 5, 2024 at 04:03AM Zyxel has released security updates for two end-of-life network-attached storage devices to address critical flaws. The vulnerabilities could allow unauthenticated attackers to execute operating system commands and arbitrary code. Outpost24 security researcher Timothy Hjort discovered and reported the flaws. Users are urged to update to the latest version for optimal …

Zyxel issues emergency RCE patch for end-of-life NAS devices

June 4, 2024 at 01:35PM Zyxel Networks released an emergency security update addressing three critical vulnerabilities in older NAS devices reaching end-of-life. The flaws enable command injection, remote code execution, privilege escalation, and information disclosure. Outpost24 security researcher Timothy Hjort discovered and reported the vulnerabilities. Zyxel released fixes despite end-of-support, urging immediate application due to …

QNAP Rushes Patch for Code Execution Flaw in NAS Devices

May 21, 2024 at 12:45PM QNAP Systems issued patches for multiple vulnerabilities, including CVE-2024-27130, described as an unsafe use of the ‘strcpy’ function in the No_Support_ACL function, leading to a stack buffer overflow and potential remote code execution. QNAP advised users to update to QTS 5.1.7 to mitigate the risk and address multiple other vulnerabilities. …

QNAP QTS zero-day in Share feature gets public RCE exploit

May 20, 2024 at 11:01AM A recent security audit of QNAP QTS revealed fifteen vulnerabilities, with only four fixed by the vendor after multiple delays. Notably, CVE-2024-27130 poses a remote code execution risk through an unpatched function in ‘share.cgi.’ WatchTowr Labs uncovered these vulnerabilities, mostly involving buffer overflows and authentication issues, impacting NAS devices. Read …

Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks

April 9, 2024 at 02:15AM Security flaws in legacy D-Link NAS devices are being exploited by threat actors, impacting over 92,000 internet-exposed devices. The vulnerabilities allow arbitrary command execution, potentially leading to unauthorized access and denial-of-service conditions. No patches are expected, and users are advised to replace affected devices or firewall remote access. Attackers are …

QNAP takes down server behind widespread brute-force attacks

October 23, 2023 at 09:25AM QNAP has successfully taken down a malicious server used in widespread brute-force attacks on NAS devices with weak passwords. With the help of Digital Ocean, they quickly identified and blocked the command-and-control server within 48 hours. QNAP urges customers to implement security measures, including changing default access port numbers and …