Tuesday, October 15, 2024
HomeCyber Security NewsMultiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes

Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes

Published on

Malware protection

QNAP has disclosed a series of vulnerabilities within its operating systems and applications that could potentially allow attackers to compromise system security and execute malicious commands.

These vulnerabilities, identified as CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901, pose significant risks to users of affected QNAP devices.

The company has promptly responded by releasing updates to mitigate these vulnerabilities.

- Advertisement - SIEM as a Service

Understanding the Vulnerabilities

CVE-2024-21899: Compromising System Security Through Improper Authentication

This vulnerability could allow unauthorized users to bypass authentication mechanisms, allowing them to compromise the system’s security via a network.

Document
Integrate ANY.RUN in your company for Effective Malware Analysis

Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers

Malware analysis can be fast and simple. Just let us show you the way to:

  • Interact with malware safely
  • Set up virtual machine in Linux and all Windows OS versions
  • Work in a team
  • Get detailed reports with maximum data
  • If you want to test all these features now with completely free access to the sandbox:


The improper authentication flaw poses a critical risk, as it could enable attackers to gain unauthorized access to sensitive information or disrupt system operations.

CVE-2024-21900: Command Execution Through Injection Vulnerability

CVE-2024-21900 is an injection vulnerability that could allow authenticated users to execute arbitrary commands via a network.

This vulnerability could enable attackers to manipulate the system to their advantage, potentially leading to data theft, system damage, or further unauthorized access.

CVE-2024-21901: SQL Injection Vulnerability

The SQL injection vulnerability, identified as CVE-2024-21901, could allow authenticated administrators to inject malicious code via a network.

This vulnerability is particularly concerning as it could enable attackers to manipulate or corrupt database contents, leading to data loss or unauthorized access.

Hunter recently tweeted about a severe issue related to QNAP operating systems. The tweet warns users to be cautious and take necessary measures to avoid exploitation.

A critical vulnerability (CVE-2024-21899, CVSS 9.8) has been found in multiple versions of QNAP operating systems.

Affected and Fixed Versions

QNAP has taken swift action to address these vulnerabilities by releasing updates for the affected products.

Discovering these vulnerabilities in QNAP’s systems is a crucial reminder to maintain up-to-date security measures. 

The following table outlines the affected products and their corresponding fixed versions:

Affected ProductFixed Version
QTS 5.1.xQTS 5.1.3.2578 build 20231110 and later
QTS 4.5.xQTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.xQuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.xQuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.xQuTScloud c5.1.5.2651 and later
myQNAPcloud 1.0.xmyQNAPcloud 1.0.52 (2023/11/24) and later

Users of the affected versions are urged to update their systems and applications to the latest versions to protect against these vulnerabilities.

To safeguard against these vulnerabilities, QNAP strongly recommends that users regularly update their systems and applications to the latest versions.

These updates include critical fixes that can protect devices from potential attacks.

Users can update their QTS, QuTS hero, or QuTScloud systems via the Control Panel’s Firmware Update section or download the updates directly from the QNAP website.

For myQNAPcloud, updates can be performed through the App Center.

The discovery of these vulnerabilities was credited to DEVCORE, under the identifiers ZDI-CAN-22493/22494.

QNAP’s swift response underscores the importance of proactive security measures and the company’s commitment to protecting its users. 

Users of QNAP devices are urged to update their systems immediately to protect against potential threats.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...

pac4j Java Framework Vulnerable to RCE Attacks

A critical security vulnerability has been discovered in the popular Java framework pac4j. The...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

OilRig Hackers Exploiting Microsoft Exchange Server To Steal Login Details

Earth Simnavaz, an Iranian state-sponsored cyber espionage group, has recently intensified its attacks on...

CoreWarrior Malware Attacking Windows Machines From Dozens Of IP Address

Researchers recently analyzed a CoreWarrior malware sample, which spreads aggressively by creating numerous copies...

TrickMo Malware Targets Android Devices to Steal Unlock Patterns and PINs

The recent discovery of the TrickMo Banking Trojan variant by Cleafy has prompted further...