QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products

Taiwan-based QNAP Systems on Friday announced patches for a dozen vulnerabilities across its product portfolio, including high-severity flaws in its operating system.
The bug affects QTS versions 5.1.x and QuTS hero versions h5.1.x and was resolved with the release of QTS 5.1.3.2578 build 20231110 and QuTS hero h5.1.3.2578 build 20231110.
The two releases also address CVE-2022-43634, a security defect in Netatalk that could allow attackers to execute arbitrary code remotely, without authentication.
On Friday, QNAP also released patches for two high-severity vulnerabilities in Video Station - an SQL injection and an OS command injection - that could be exploited over the network.
Video Station version 5.7.2 resolves both issues.
Two other high-severity, remotely exploitable bugs were addressed with the release of QuMagie 2.2.1, namely CVE-2023-47559, a cross-site scripting flaw, and CVE-2023-47560, an OS command injection defect.
QNAP announced patches for multiple other medium- and low-severity vulnerabilities in QTS, QuTS hero, QcalAgent, and QuMagie.
Details on these flaws can be found on QNAP's security advisories page.
QNAP makes no mention of any of these security holes being exploited in the wild, but threat actors are known to target unpatched QNAP appliances in malicious attacks.
Mainly known for its network-attached storage and professional network video recorder products, QNAP also manufactures various types of networking equipment.


This Cyber News was published on www.securityweek.com. Publication date: Mon, 08 Jan 2024 15:13:04 +0000

