Remote code execution hole, arbitrary file writing flaw could make a mess of stored files Data-stealing, password-harvesting, backdoor-opening QNAP NAS malware cruises along at 62,000 infections
Updated Some QNAP network attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files. The vulnerabilities were made known to the Taiwan-based company on October 12, 2020, and on November 29, 2020, by SAM Seamless Network, a connected home security firm. They were found in the QNAP TS-231's latest firmware, version 4.3.6.1446, which SAM claims wa...