Multiple QNAP Vulnerabilities Let Attackers Inject Malicious Codes

QNAP has disclosed a series of vulnerabilities within its operating systems and applications that could potentially allow attackers to compromise system security and execute malicious commands.

These vulnerabilities, identified as CVE-2024-21899, CVE-2024-21900, and CVE-2024-21901, pose significant risks to users of affected QNAP devices.

The company has promptly responded by releasing updates to mitigate these vulnerabilities.

Understanding the Vulnerabilities

CVE-2024-21899: Compromising System Security Through Improper Authentication

This vulnerability could allow unauthorized users to bypass authentication mechanisms, allowing them to compromise the system’s security via a network.

Integrate ANY.RUN in your company for Effective Malware Analysis

Are you from SOC and DFIR teams? – Join With 400,000 independent Researchers

Malware analysis can be fast and simple. Just let us show you the way to:

• Interact with malware safely
• Set up virtual machine in Linux and all Windows OS versions
• Work in a team
• Get detailed reports with maximum data
If you want to test all these features now with completely free access to the sandbox:
Analyze malware in ANY.RUN for free

The improper authentication flaw poses a critical risk, as it could enable attackers to gain unauthorized access to sensitive information or disrupt system operations.

CVE-2024-21900: Command Execution Through Injection Vulnerability

CVE-2024-21900 is an injection vulnerability that could allow authenticated users to execute arbitrary commands via a network.

This vulnerability could enable attackers to manipulate the system to their advantage, potentially leading to data theft, system damage, or further unauthorized access.

CVE-2024-21901: SQL Injection Vulnerability

The SQL injection vulnerability, identified as CVE-2024-21901, could allow authenticated administrators to inject malicious code via a network.

This vulnerability is particularly concerning as it could enable attackers to manipulate or corrupt database contents, leading to data loss or unauthorized access.

Hunter recently tweeted about a severe issue related to QNAP operating systems. The tweet warns users to be cautious and take necessary measures to avoid exploitation.

A critical vulnerability (CVE-2024-21899, CVSS 9.8) has been found in multiple versions of QNAP operating systems.

Affected and Fixed Versions

QNAP has taken swift action to address these vulnerabilities by releasing updates for the affected products.

Discovering these vulnerabilities in QNAP’s systems is a crucial reminder to maintain up-to-date security measures. 

The following table outlines the affected products and their corresponding fixed versions:

Affected Product	Fixed Version
QTS 5.1.x	QTS 5.1.3.2578 build 20231110 and later
QTS 4.5.x	QTS 4.5.4.2627 build 20231225 and later
QuTS hero h5.1.x	QuTS hero h5.1.3.2578 build 20231110 and later
QuTS hero h4.5.x	QuTS hero h4.5.4.2626 build 20231225 and later
QuTScloud c5.x	QuTScloud c5.1.5.2651 and later
myQNAPcloud 1.0.x	myQNAPcloud 1.0.52 (2023/11/24) and later

Users of the affected versions are urged to update their systems and applications to the latest versions to protect against these vulnerabilities.

To safeguard against these vulnerabilities, QNAP strongly recommends that users regularly update their systems and applications to the latest versions.

These updates include critical fixes that can protect devices from potential attacks.

Users can update their QTS, QuTS hero, or QuTScloud systems via the Control Panel’s Firmware Update section or download the updates directly from the QNAP website.

For myQNAPcloud, updates can be performed through the App Center.

The discovery of these vulnerabilities was credited to DEVCORE, under the identifiers ZDI-CAN-22493/22494.

QNAP’s swift response underscores the importance of proactive security measures and the company’s commitment to protecting its users. 

Users of QNAP devices are urged to update their systems immediately to protect against potential threats.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.