#WatchTowrLabs

QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances

by

May 22, 2024 at 01:33AM QNAP has addressed medium-severity security flaws in its QTS and QuTS hero, including permissions, code execution, and buffer overflow vulnerabilities. Fixes have been released, credited to Aliz Hammond of watchTowr Labs. Although some issues remain outstanding, QNAP has committed to improving coordination with researchers and enhancing security measures for its … Read more

QNAP QTS zero-day in Share feature gets public RCE exploit

by

May 20, 2024 at 11:01AM A recent security audit of QNAP QTS revealed fifteen vulnerabilities, with only four fixed by the vendor after multiple delays. Notably, CVE-2024-27130 poses a remote code execution risk through an unpatched function in ‘share.cgi.’ WatchTowr Labs uncovered these vulnerabilities, mostly involving buffer overflows and authentication issues, impacting NAS devices. Read … Read more