all InfoSec news
QNAP Fixes Pair of Command Injection Flaws
Malware Analysis, News and Indicators - Latest topics malware.news
QNAP has fixed two vulnerabilities in its QTS and QuTS hero operating systems, including a high-severity command-injection bug that could allow an attacker to execute arbitrary code on a vulnerable device.
The vulnerability exists in several versions of the operating systems, which run on various QNAP network-attached storage devices, including many enterprise-grade appliances. Stephen Fewer, a principal security researcher at Rapid7, discovered the bug (CVE-2024-47218) and disclosed it to QNAP, which has released updated firmware for the affected devices.
The …
arbitrary code attacker bug code command command injection device devices enterprise fixes flaws hero high injection network network-attached storage operating systems qnap run severity storage systems vulnerabilities vulnerability vulnerable