spot_img

QNAP Fixes Bug That Let Attackers Run Programs Remotely

Share post:

QNAP, the manufacturer of Network Storage (NAS) recently released security patches to fix several vulnerabilities that allow attackers to remotely inject and execute malicious close and commands on vulnerable NAS devices.

Some of the patched vulnerabilities include three serious XSS vulnerabilities traced as CVE-2021-34354, CBE-2021-34356, and CVE-2021-34355.

They affect devices that released unpatched Photo Station program versions prior to 5.4.10, 5.7.13, or 6.0.18, a stored XSS Image2PDF bug affecting systems using software versions released prior to Image2PDF 2.1.5, a command injection bug (CVE-2021-34352) affecting some QNAP end-of-life (EQL) devices running QVR IP video surveillance software that could ultimately help attackers execute arbitrary commands.

Apart from this, QNAP has also patched three other QVR vulnerabilities with critical severity in the recently released security advisory.

Users are recommended to upgrade their NAS to the latest version of Photo Station or Image PDF and QVR monitoring software.

For more information, read the original story in Bleeping Computer

Featured Tech Jobs

spot_img

SUBSCRIBE NOW

Related articles

Chindata Group receives take-private offer from Bain Capital

Chindata Group, a Chinese data center operator, has revealed that investor Bain Capital, which owns 42.2% of the...

Twitch apologizes for new advertising rules

Twitch has apologized for its new advertising rules that limited streamers' ad options and affected their earnings. After facing...

Altman addresses concerns and challenges of AI

According to leaked details of a meeting held earlier this month with developers and startup founders in London,...

Federal Bureau of Investigation (FBI) warns of scammers using AI for sextortion

The FBI has warned about scammers using AI to create explicit deepfake images and videos known as "sextortion." Scammers...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways