QNAP QTS zero-day in Share feature gets public RCE exploit
May 20, 2024 at 11:01AM A recent security audit of QNAP QTS revealed fifteen vulnerabilities, with only four fixed by the vendor after multiple delays. Notably, CVE-2024-27130 poses a remote code execution risk through an unpatched function in ‘share.cgi.’ WatchTowr Labs uncovered these vulnerabilities, mostly involving buffer overflows and authentication issues, impacting NAS devices. Read … Read more