QNAP warns about critical vulnerabilities in NAS systems | Malware

Qnap Logo.png

QNAP has published a security advisory about two critical vulnerabilities that could allow remote attackers to execute commands via a network.

One of the vulnerabilities affects the QTS and QuTS operating systems (OS) for QNAP’s network attached storage systems (NAS). The second one can be found in versions of QTS, the Multimedia Console, and the Media Streaming add-on.


The first vulnerability, CVE-2023-23368 (CVSS score 9.8 out of 10), is an OS command injection vulnerability.

OS command injection (also known as shell injection) is a security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the device that is running an application, and typically fully compromise the application and all its data.

A fix is available for the vulnerability in the following versions:

  • QTS build 20230421 and later
  • QTS build 20230416 and later
  • QuTS hero h5.0.1.2376 build 20230421 and later
  • QuTS hero h4.5.4.2374 build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

To update QTS, QuTS hero, or QuTScloud you can:

  • Log in to QTS, QuTS hero, or QuTScloud as an administrator.
  • Go to Control Panel > System > Firmware Update.
  • Under Live Update, click Check for Update.
  • The system will download and install the latest available update.

If that doesn’t work for you, you can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.


The second vulnerability, CVE-2023-23369 (CVSS score 9 out of 10), is also an OS command injection vulnerability that reportedly…

 read more www.malwarebytes.com

FTC: We use income earning affiliate links. More on Sposored links.
Terms of use and third-party services. More here.

“The adventure of life is to learn. The purpose of life is to grow. The nature of life is to change. The challenge of life is to overcome. The essence of life is to care. The opportunity of like is to serve. The secret of life is to dare. The spice of life is to befriend. The beauty of life is to give.” —William Arthur Ward

Related Posts