| Clothing, Shoes & Jewelry | Today's Deals |
QNAP has published a security advisory about two critical vulnerabilities that could allow remote attackers to execute commands via a network.
One of the vulnerabilities affects the QTS and QuTS operating systems (OS) for QNAP’s network attached storage systems (NAS). The second one can be found in versions of QTS, the Multimedia Console, and the Media Streaming add-on.
CVE-2023-23368
The first vulnerability, CVE-2023-23368 (CVSS score 9.8 out of 10), is an OS command injection vulnerability.
OS command injection (also known as shell injection) is a security vulnerability that allows an attacker to execute arbitrary operating system (OS) commands on the device that is running an application, and typically fully compromise the application and all its data.
A fix is available for the vulnerability in the following versions:
- QTS 5.0.1.2376 build 20230421 and later
- QTS 4.5.4.2374 build 20230416 and later
- QuTS hero h5.0.1.2376 build 20230421 and later
- QuTS hero h4.5.4.2374 build 20230417 and later
- QuTScloud c5.0.1.2374 and later
To update QTS, QuTS hero, or QuTScloud you can:
- Log in to QTS, QuTS hero, or QuTScloud as an administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
- The system will download and install the latest available update.
If that doesn’t work for you, you can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.
CVE-2023-23369
The second vulnerability, CVE-2023-23369 (CVSS score 9 out of 10), is also an OS command injection vulnerability that reportedly…
read more www.malwarebytes.com
Terms of use and third-party services. More here.
Soccer | NFL | NBA | Ads. Amazon
Sports Fan Rings | Sports Fan Football | Sports Fan Jerseys | Sports Fan T-Shirts | Sports Fan Shoes | Sports Fan Jewelry | Puffer Jackets |
