QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities are in the quick.cgi component, though seemingly in a different function. Both were reported to QNAP at the beginning of November 2023. CVE-2023-47218, unearthed by Stephen Fewer, Principal Security Researcher at Rapid7, can be exploited by sending a … More →

The post …

cgi command command injection cve cve-2023-50358 devices don't miss embedded enterprise firmware fixes flaws function hot stuff injection nas network network-attached storage operating systems os command palo alto networks popular qnap rapid7 security update smbs storage systems unauthenticated vulnerabilities vulnerability