BleepingComputer reports that updates have been issued by QNAP to remediate several flaws impacting its routers, network-attached storage app, and other offerings, three of which were critical.Most severe of the addressed vulnerabilities is the OS command injection flaw in QNAP's QuRouter 2.4.x offerings, tracked as CVE-2024-48860, which could be leveraged for remote command execution, while QNAP's Notes Station 3 note-taking and collaboration app for NAS systems is affected by a pair of critical bugs — including a missing authentication for critical functions flaw, tracked as CVE-2024-38643, and a server-side request forgery issue, tracked as CVE-2024-38645. A high-severity command injection flaw in QuRouter, tracked as CVE-2024-48861, and high-severity command injection and unauthorized data access issues in QNAP Notes Station 3, tracked as CVE-2024-38644 and CVE-2024-38646, have also been patched. QNAP has also fixed numerous other high-severity vulnerabilities impacting its QNAP AI Core, QTS, QuTS Hero, and QuLog Center products.
Vulnerability Management, Network Security
Several QNAP vulnerabilities addressed

An In-Depth Guide to Network Security
Get essential knowledge and practical strategies to fortify your network security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



