A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later
QNAP QTS zero-day in Share feature gets public RCE exploit By Bill Toulas May 20, 2024 10:57 AM 0 An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. Among them is CVE-2024-27130, an unpatched stack buffer overflow vulnerability in the 'No_Support_ACL' function of 'share.cgi,' which could enable an attacker to perform remote code execution when specific pr...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources WatchTowr publishes report claiming vendor failed to issue fixes after four months
Infosec boffins say they were forced to go public after QNAP failed to fix various vulnerabilities that were reported to it months ago. Researchers at watchTowr said on Friday that they drilled into QNAP's QTS, QuTSCLoud, and QTS hero operating systems and found 15 vulnerabilities, with only four of the holes receiving patches. Six of the remaining 11 bugs were accepted and validated by QNAP, and all have CVEs assigned to them, but despite most being reported in early January, and one as far bac...