QNAP Fixes Bug That Let Attackers Run Programs Remotely

Share post:

QNAP, the manufacturer of Network Storage (NAS) recently released security patches to fix several vulnerabilities that allow attackers to remotely inject and execute malicious close and commands on vulnerable NAS devices.

Some of the patched vulnerabilities include three serious XSS vulnerabilities traced as CVE-2021-34354, CBE-2021-34356, and CVE-2021-34355.

They affect devices that released unpatched Photo Station program versions prior to 5.4.10, 5.7.13, or 6.0.18, a stored XSS Image2PDF bug affecting systems using software versions released prior to Image2PDF 2.1.5, a command injection bug (CVE-2021-34352) affecting some QNAP end-of-life (EQL) devices running QVR IP video surveillance software that could ultimately help attackers execute arbitrary commands.

Apart from this, QNAP has also patched three other QVR vulnerabilities with critical severity in the recently released security advisory.

Users are recommended to upgrade their NAS to the latest version of Photo Station or Image PDF and QVR monitoring software.

For more information, read the original story in Bleeping Computer

SUBSCRIBE NOW

Related articles

Tesla’s Optimus Robot Production Stopped Chinese Rare Earth Restrictions

Tesla’s ambitious plans to mass-produce its Optimus humanoid robot have hit a significant roadblock: China’s tightening grip on...

Anthropic Warns: AI “Virtual Employees” Could Pose Security Risks Within a Year

Anthropic, a leading artificial intelligence company, anticipates that AI-powered virtual employees could begin operating within corporate networks as...

Hertz Data Breach Exposes Customer Information via Supply Chain Hack

Hertz has disclosed a data breach resulting from a cyberattack on its vendor, Cleo Communications, which compromised sensitive...

Google’s New Security Feature – Automatic Reboot

Google is introducing a new security feature in its latest Android update that will automatically reboot phones and...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways