QNAP caught napping as disclosure delay expires, critical NAS bugs revealed

Some QNAP network-attached storage devices are vulnerable to attack because of two critical vulnerabilities, one that enables unauthenticated remote code execution and another that provides the ability to write to arbitrary files.


The vulnerabilities were made known to the Taiwan-based company on October 12, 2020, and on November 29, 2020, by SAM Seamless Network, a connected home security firm. They were found in the QNAP TS-231's latest firmware, version 4.3.6.1446, which SAM claims was released on September 29, 2020, and which QNAP's website lists as October 7, 2020 – which may represent different build numbers.

"We reported both vulnerabilities to QNAP with a four-month grace period to fix them," said Yaniv Puyeski, an embedded software security researcher at SAM, in a blog post on Wednesday. "Unfortunately, as of the pu ..
