CyberSecurity news
FlagThis
@socradar.io - 96d
QNAP has issued urgent security updates addressing critical vulnerabilities impacting Notes Station 3 and QuRouter. These flaws, identified as CVE-2024-38645 (CVSS 9.4), CVE-2024-38643 (CVSS 9.3), and CVE-2024-48860 (CVSS 9.5), pose significant risks. CVE-2024-38645 is a Server-Side Request Forgery (SSRF) vulnerability allowing manipulation of server behavior, while CVE-2024-38643 is a critical missing authentication flaw enabling unauthorized remote access. CVE-2024-48860, affecting QuRouter, is a remote command execution vulnerability. These vulnerabilities could enable unauthorized access, data theft, and malware deployment.
The severity of these vulnerabilities necessitates immediate action from QNAP users. The flaws allow attackers to potentially steal sensitive data, install malware, or disrupt critical operations. QNAP strongly urges users to immediately apply the available patches to mitigate the risks associated with these critical flaws. Besides Notes Station 3 and QuRouter, other QNAP products such as QuLog Center, AI Core, QTS, and QuTS hero also received security updates addressing high-severity vulnerabilities.
The vulnerabilities affect widely used QNAP products, emphasizing the importance of prompt patching. The high CVSS scores (above 9.0) highlight the severity of the situation and underline the potential for widespread exploitation. Users are advised to check the QNAP security advisories for detailed information on affected versions and patching instructions. Failing to apply these updates leaves systems open to significant security risks and potential data breaches.
References :
The severity of these vulnerabilities necessitates immediate action from QNAP users. The flaws allow attackers to potentially steal sensitive data, install malware, or disrupt critical operations. QNAP strongly urges users to immediately apply the available patches to mitigate the risks associated with these critical flaws. Besides Notes Station 3 and QuRouter, other QNAP products such as QuLog Center, AI Core, QTS, and QuTS hero also received security updates addressing high-severity vulnerabilities.
The vulnerabilities affect widely used QNAP products, emphasizing the importance of prompt patching. The high CVSS scores (above 9.0) highlight the severity of the situation and underline the potential for widespread exploitation. Users are advised to check the QNAP security advisories for detailed information on affected versions and patching instructions. Failing to apply these updates leaves systems open to significant security risks and potential data breaches.
Share:
References :
- malware.news: Malware News article about the critical QNAP vulnerabilities.
- socradar.io: Analysis of the critical vulnerabilities in QNAP's Notes Station 3 and QuRouter, highlighting the risks and impact.
- www.qnap.com: QNAP security advisory addressing multiple vulnerabilities, including three critical flaws in Notes Station 3 and QuRouter.
- www.qnap.com: QNAP Security Advisory QSA-24-36
- www.qnap.com: QNAP security advisory addressing critical vulnerabilities in Notes Station 3 and QuRouter.
- www.qnap.com: Security advisory detailing critical vulnerabilities in QNAP Notes Station 3 and QuRouter, with CVSS scores above 9.0.
- www.qnap.com: QNAP security advisory regarding the vulnerabilities in Notes Station 3 and QuRouter.
Classification:
- HashTags: #QNAP #Vulnerability #CriticalVulnerability
- Company: QNAP
- Target: QNAP users
- Product: Notes Station 3, QuRouter
- Feature: Notes Station 3, QuRouter
- Type: Vulnerability
- Severity: Major