Popular NAS vendor issues emergency patch against potentially highly damaging vulnerabilities — here's what you need to know

Wayne Williams

February 11, 2024 at 12:49 AM·2 min read

NAS vendor QNAP Systems has urgently issued patches for no fewer than 24 vulnerabilities across its product range, including two high-severity flaws that could enable command execution.

Despite the severity of these vulnerabilities, QNAP has not reported any instances of these bugs being exploited in the wild. The Taiwan-based firm's move is more of a proactive measure against potentially highly damaging exploits.

According to Security Week, the most concerning vulnerabilities, referred to as CVE-2023-45025 and CVE-2023-39297, are OS command injection flaws. These flaws are present in QTS versions 5.1.x and 4.5.x, QuTS hero versions h5.1.x and h4.5.x, and QuTScloud version 5.x. The first of these can be manipulated by users to execute commands across a network under certain system configurations, while the second requires authentication for successful exploitation.

Patch now!

QNAP has also released patches for two additional vulnerabilities, CVE-2023-47567 and CVE-2023-47568. These remotely exploitable flaws are present in QTS, QuTS hero, and QuTScloud and require administrator authentication for successful exploitation. The former is an OS command injection, while the latter is an SQL injection vulnerability.

All four of these security defects have been addressed in the latest QTS, QuTS hero, and QuTScloud versions. Another high-severity vulnerability, CVE-2023-47564, affecting Qsync Central versions 4.4.x and 4.3.x, has also been patched. This bug could allow authenticated users to read or modify critical resources over a network.

In addition to these high-severity flaws, QNAP has patched multiple medium-severity vulnerabilities that could lead to code execution, DoS attacks, command execution, restrictions bypass, leakage of sensitive data, and code injection.

For more detailed information on these vulnerabilities, users are advised to visit QNAP’s security advisories page.

More from TechRadar Pro

These are the best NAS devices
While these are the best NAS hard drives
QNAP urges customers to update now to stay safe from dangerous security flaw

Yahoo Sports
2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick
Yahoo Sports' Charles McDonald breaks down the Broncos' 2024 draft.
1d ago
Yahoo Sports
Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race
Race organizers say they'll revoke a Trump fundraiser's suite license if he holds an event for the former president on Sunday at the race.
5h ago
Yahoo Sports
NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in
Not everyone was thrilled with their team's draft on Thursday night.
4d ago
Yahoo Sports
NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams
There haven't been many punters drafted in the fourth round or higher like Tory Taylor just was. Chicago's No. 1 overall pick welcomed him in unique fashion.
2d ago
Yahoo Sports
NFL to allow players to wear protective Guardian Caps in games beginning with 2024 season
The NFL will allow players to wear protective Guardian Caps during games beginning with the 2024 season. The caps were previously mandated for practices.
3d ago
Yahoo Sports
The expanded 12-team College Football Playoff is here — and it already has problems
There is cause for excitement around the new playoff format. There's also lots of complaints and criticism to go around.
6h ago
Yahoo Sports
Joel Embiid not happy that Knicks fans took over 76ers home playoff games: It 'pisses me off'
"I don't think that should happen. It's not OK."
19h ago
Yahoo Sports
Korey Cunningham, former NFL lineman, found dead in New Jersey home at age 28
Cunningham played 31 games in the NFL with the Cardinals, Patriots and Giants.
3d ago
Yahoo Sports
2024 NFL Draft grades: Kansas City Chiefs get even richer with one of the best hauls this year
Yahoo Sports' Charles McDonald breaks down the Chiefs' 2024 draft.
1d ago
Yahoo Sports
Cowboys owner Jerry Jones compared his 2024 NFL Draft strategy to robbing a bank
Dallas Cowboys owner Jerry Jones made an amusing analogy when asked why the team selected three offensive lineman in the 2024 NFL Draft.
2d ago
Yahoo Sports
Michael Penix Jr. said Kirk Cousins called him after Falcons' surprising draft selection
Atlanta Falcons first-round draft pick Michael Penix Jr. said quarterback Kirk Cousins called him after he was picked No. 8 overall in one of the 2024 NFL Draft's more puzzling selections.
3d ago
Yahoo Sports
Panthers owner David Tepper stopped by Charlotte bar that criticized his draft strategy
“Please Let The Coach & GM Pick This Year" read a sign out front.
3d ago
Yahoo Sports
2024 NFL Draft grades: Baltimore Ravens do what they do best — let good players fall into their laps
Yahoo Sports' Charles McDonald breaks down the Ravens' 2024 draft.
1d ago
Yahoo Sports
Falcons ownership endorsed the Michael Penix Jr. pick and put Kirk Cousins on the clock. Now what?
Cousins doesn’t have a track record inside the team. Unlike Alex Smith, Brett Favre and Aaron Rodgers, there are no entrenched locker room soldiers behind him.
15h ago
Yahoo Sports
Legendary basketball star Candace Parker announces her retirement
Candace Parker announces her retirement from women's basketball after 16 seasons in the WNBA and a stellar college career at Tennessee.
1d ago
Yahoo Sports
2024 NFL Draft grades: Minnesota Vikings risked a lot to get J.J. McCarthy and Dallas Turner
Yahoo Sports' Charles McDonald breaks down the Vikings' 2024 draft.
1d ago
Yahoo Finance
The stock market has a 'systemic problem'
Rising Treasury yields are once again a headwind for stocks. Strategists don't see relief coming unless Fed Chair Jerome Powell is surprisingly dovish in his press conference on Wednesday.
2h ago
Yahoo Sports
New Bills WR Keon Coleman makes hilarious first impression with Macy's shopping advice and more
If nothing else, the Bills have a player who can recognize a good deal.
2d ago
Yahoo Sports
NBA playoffs: Tyrese Hailburton game-winner and potential Damian Lillard Achilles injury leaves Bucks in nightmare
Tyrese Haliburton hit a floater with 1.1 seconds left in overtime to give the Indiana Pacers a 121–118 win over the Milwaukee Bucks. The Pacers lead their first-round playoff series two games to one.
3d ago
Yahoo Sports
Cowboys, RB Ezekiel Elliott reportedly reuniting on one-year, $3 million deal
Zeke is coming home.
7h ago

News

Life

Entertainment

Finance

Sports

New on Yahoo

Popular NAS vendor issues emergency patch against potentially highly damaging vulnerabilities — here's what you need to know

Patch now!

More from TechRadar Pro

Recommended Stories

2024 NFL Draft grades: Denver Broncos earn one of our lowest grades mostly due to one pick

Formula 1: Miami Grand Prix sends cease and desist letter to prevent Donald Trump fundraiser during race

NFL Draft: Packers fan upset with team's 1st pick, and Lions fans hilariously rubbed it in

NFL Draft: Bears take Iowa punter, who immediately receives funny text from Caleb Williams

NFL to allow players to wear protective Guardian Caps in games beginning with 2024 season

The expanded 12-team College Football Playoff is here — and it already has problems

Joel Embiid not happy that Knicks fans took over 76ers home playoff games: It 'pisses me off'

Korey Cunningham, former NFL lineman, found dead in New Jersey home at age 28

2024 NFL Draft grades: Kansas City Chiefs get even richer with one of the best hauls this year

Cowboys owner Jerry Jones compared his 2024 NFL Draft strategy to robbing a bank

Michael Penix Jr. said Kirk Cousins called him after Falcons' surprising draft selection

Panthers owner David Tepper stopped by Charlotte bar that criticized his draft strategy

2024 NFL Draft grades: Baltimore Ravens do what they do best — let good players fall into their laps

Falcons ownership endorsed the Michael Penix Jr. pick and put Kirk Cousins on the clock. Now what?

Legendary basketball star Candace Parker announces her retirement

2024 NFL Draft grades: Minnesota Vikings risked a lot to get J.J. McCarthy and Dallas Turner

The stock market has a 'systemic problem'

New Bills WR Keon Coleman makes hilarious first impression with Macy's shopping advice and more

NBA playoffs: Tyrese Hailburton game-winner and potential Damian Lillard Achilles injury leaves Bucks in nightmare

Cowboys, RB Ezekiel Elliott reportedly reuniting on one-year, $3 million deal