Friday, June 21, 2024

Multiple QNAP High-Severity Flaws Let Attackers Execute Remote Code

QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. 

QNAP has also stated all the affected products and their versions and the steps to update each product. The CVEs for these vulnerabilities are as follows:

  • CVE-2023-45039 (Low – QTS and QuTS hero)
  • CVE-2023-45040 (Low – QTS and QuTS hero)
  • CVE-2023-45041 (Low – QTS and QuTS hero)
  • CVE-2023-45042 (Low – QTS and QuTS hero)
  • CVE-2023-45043 (Low – QTS and QuTS hero)
  • CVE-2023-45044 (Low – QTS and QuTS hero)
  • CVE-2022-43634 (High – Netatalk)
  • CVE-2023-41287 (High-Video Station)
  • CVE-2023-41288 (High-Video Station)
  • CVE-2023-47219 (Low – QuMagie)
  • CVE-2023-47559 (High – QuMagie)
  • CVE-2023-47560 (High – QuMagie)
  • CVE-2023-39294 (Medium – QTS and QuTS hero)
  • CVE-2023-39296 (High – QTS and QuTS hero) 
  • CVE-2023-41289 (Medium – QcalAgent)

QTS and QuTS hero Vulnerabilities

CVE-2023-45039, CVE-2023-45040, CVE-2023-45041, CVE-2023-45042, CVE-2023-45043, and CVE-2023-45044 were associated with buffer copy, which was due to the insufficient checking in size of the input.

Exploiting this vulnerability could allow authenticated administrators to execute code through a network.

Free Webinar

Fastrack Compliance: The Path to ZERO-Vulnerability

Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.

The severity of this set of vulnerabilities has been given as low, according to the QNAP security advisory. However, CVE-2023-39294 and CVE-2023-39296 were given medium and high severity as per the security advisories.

CVE-2023-39294 was associated with OS command injection, which could allow authenticated administrators to execute commands through a network.

At the same time, CVE-2023-39296 was related to prototype pollution that could allow remote users to override existing attributes with incompatible types, resulting in the system’s crashing.

QuMagie Vulnerabilities

CVE-2023-47219 was a low-severity vulnerability associated with SQL injection that could allow an authenticated threat actor to inject malicious code via a network. CVE-2023-47559 and CVE-2023-47560 were a set of high-severity vulnerabilities linked to Cross-site scripting and OS command injection, respectively. 

Both of these vulnerabilities require the threat actor to be an authenticated user. Exploiting these vulnerabilities could result in either the injection of malicious code (CVE-2023-47559) or the execution of commands through a network (CVE-2023-47560).

Video Station Vulnerabilities

CVE-2023-41287 and CVE-2023-41288 were another set of vulnerabilities reported on a QNAP security advisory. CVE-2023-41287 was an SQL injection vulnerability, and CVE-2023-41288 was an OS command injection vulnerability.

These vulnerabilities were marked as high severity by QNAP. However, both vulnerabilities affect Video Station version 5.7.x and have been fixed in Video Station 5.7.2 and later versions.

Netatalk and QcalAgent

The Netatalk vulnerability has been given the CVE-2022-43634, and its severity is high. However, QNAP has not released any other details about this vulnerability or its category. However, according to the security advisory, this vulnerability affects the QTS 5.1.x version and has been fixed in QTS build 20231110 and later.

CVE-2023-41289 was another OS command injection vulnerability reported to be affecting QcalAgent. This vulnerability was given as a medium severity in the security advisory and mentioned to be affecting QcalAgent 1.1.x

All of the affected products have been fixed, and patches have been released. It is recommended for organizations that use these products to upgrade to the latest versions to prevent becoming prey for threat actors. 


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles