Top NAS app gets critical security flaw patch
QNAP has been a favourite target of hackers, owing to its popularity
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Taiwan-based QNAP Systems has fixed a remote code execution (RCE) vulnerability that plagued an application that’s used by many of itsNetwork-Attached Storage (NAS)devices.
According to an advisory issued by the company, it has patched a stack-based buffer overflow vulnerability in the Surveillance Station app.
“If exploited, this vulnerability allows attackers to execute arbitrary code”, QNAP said as it asked users of itsNASdevices to update Surveillance Station to the latest version as soon as possible.
Software vulnerabilities
Surveillance Station is QNAP’s network surveillancevideo management system (VMS)that enables users to manage and monitor multipleIP cameras.
According to reports, exploiting the RCE vulnerability would also allow the perpetrators to subvert any security software or anti-malware scanners running on the compromised NAS device.
In addition to the critical RCE vulnerability, QNAP has also reportedly patched a medium severity cross-site scripting (XSS) vulnerability that plagued another of its widely used apps.
According to QNAP, if exploited, the XSS vulnerability in the Photo Station app, which is used for uploading and viewing images on to the NAS device, allowed remote attackers to inject malicious code.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
QNAP has issued updates for both Surveillance Station and Photo Station apps to fix their respective vulnerabilities.
NAS devices are often targeted by threat actors since they are usually a treasure-trove of sensitive documents and files. QNAP has been at the receiving end of several malicious campaigns directed towards its devices, recently warning users about theDovecat crypto mining malwarethat specifically hunted for Internet-exposed QNAP devices with weak passwords to use them for mining cryptocurrencies.
Via:BleepingComputer
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics
This new phishing strategy utilizes GitHub comments to distribute malware
Professionals are facing “tech overload” as they try to juggle multiple devices in the workplace
