
Multiple Vulnerabilities in QTS, QuTS hero, QuTScloud, and myQNAPcloud (CVE-2024-21899, CVE-2024-21900 and CVE-2024-21901)

Advisory No: TZCERT/SA/2024/03/21-01

Date of First Release: 21st March 2024

Source: QNAP

Software Affected: QTS, QuTS hero, QuTScloud, myQNAPcloud

Overview:

QNAP has released security patches to address critical vulnerabilities affecting QTS, QuTS hero, QuTScloud, and myQNAPcloud. These vulnerabilities could allow an attacker to inject malicious code and execute code via a network.

Description:

QTS, QuTS hero, QuTScloud, and myQNAPcloud are affected by the following vulnerabilities. CVE-2024-21899 involves an improper authentication mechanism that could allow attackers to compromise a system remotely. CVE-2024-21900 could allow unauthorized users to execute arbitrary commands on the system via a network. CVE-2024-21901 could allow attackers to inject malicious SQL code through the network.

Impact:

Successful exploitation of these vulnerabilities may allow an attacker to take control of the affected system.

Solution:

QNAP has released patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://www.qnap.com/en/security-advisory/qsa-24-09
  2. https://www.cybersecurity-help.cz/vdb/SB2024031110
