Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances.
The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below -
CVE-2024-21902 - An incorrect permission assignment for critical resource
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024.
"Historically, Raspberry Robin was known to spread through removable media like USB drives, but over time its distributors have experimented with other initial infection vectors," HP Wolf Security researcher Patrick
QNAP has released security updates to address two critical security flaws impacting its operating system that could result in arbitrary code execution.
Tracked asย CVE-2023-23368ย (CVSS score: 9.8), the vulnerability is described as a command injection bug affecting QTS, QuTS hero, and QuTScloud.
"If exploited, the vulnerability could allow remote attackers to execute commands via a network," the
Login
FreshRSS