all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

QNAP Fixes Pair of Command Injection Flaws

Add to bookmarks
Feb. 13, 2024, 8:05 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

QNAP has fixed two vulnerabilities in its QTS and QuTS hero operating systems, including a high-severity command-injection bug that could allow an attacker to execute arbitrary code on a vulnerable device.


The vulnerability exists in several versions of the operating systems, which run on various QNAP network-attached storage devices, including many enterprise-grade appliances. Stephen Fewer, a principal security researcher at Rapid7, discovered the bug (CVE-2024-47218) and disclosed it to QNAP, which has released updated firmware for the affected devices.


The …

arbitrary code attacker bug code command command injection device devices enterprise fixes flaws hero high injection network network-attached storage operating systems qnap run severity storage systems vulnerabilities vulnerability vulnerable

Visit resource

More from malware.news / Malware Analysis, News and Indicators - Latest topics

CHM Malware Stealing User Information Being Distributed in Korea an hour ago | malware.news
ahnlab asec center change +13
Case of Malware Distribution Linking to Illegal Gambling Website Targeting Korean Web Server 2 hours ago | malware.news
actor ahnlab asec case +31
Detecting XFinity/Comcast DNS Spoofing, (Mon, May 6th) 2 hours ago | malware.news
access advertisements article block +14
RemcosRAT Distributed Using Steganography 2 hours ago | malware.news
ahnlab asec attacks center +24
Debugging WinDbg with Binary Ninja For Fun and Profit 3 hours ago | malware.news
api binary binary ninja code +14
RSAC 2024: Outfoxing SSO: Bypassing modern authentication 3 hours ago | malware.news
abuse adversary article authentication +17
CVE-2024-3661, a.k.a. TunnelVision, Exposes a VPN Bypass Vulnerability 5 hours ago | malware.news
attackers bypass bypass vulnerability can +20
Alleged LockBit Ransomware Gang Leader Named 5 hours ago | malware.news
development dmitry yuryevich khoroshev gang impact +11
Defenders assemble: Time to get in the game 5 hours ago | malware.news
alliance article defenders game +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Cyber Security Engineer I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com

Senior DevSecOps Engineer

@ Wisk Aero | Remote United States
View on infosec-jobs.com

Vulnerable Adult Investigator - Vice President

@ JPMorgan Chase & Co. | Chicago, IL, United States
View on infosec-jobs.com

Consultant Réseaux IT Digital Impulse - H/F

@ Talan | Paris, France
View on infosec-jobs.com

DevSecOps Engineer (Onsite)

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com

Senior Security Engineer

@ Minitab | State College, Pennsylvania, United States
View on infosec-jobs.com
View more jobs