Taiwanese vendor also issues mitigations for quartet of other serious flaws
UPDATED QNAP Systems has patched a pair of critical security vulnerabilities that could allow unauthenticated attackers to take control of its network-attached storage (NAS) devices.
The flaws, which were among a raft of serious bugs addressed by the Taiwanese hardware vendor last week, can both lead to remote code execution (RCE), according to a blog post published on March 31 by security researcher Yaniv Puyeski of SAM Seamless Network.
Sold for home and commercial use through subsidiaries in 28 countries, QNAP’s NAS devices are used for file sharing, virtualization, storage management, and surveillance applications.
Network-attached pwnage
A command injection vulnerability (CVE-2020-2509) in QNAP NAS operating systems QTS and QuTS Hero is exploitable via the web server, and is addressed in various QTS versions and builds, plus QuTS Hero h4.5.1.1491 build 20201119, released on April 16.
Patched in the same batch of firmware updates, the other critical bug (CVE-2020-36195) affects any QNAP NAS devices running Multimedia Console or the Media Streaming add-on.
With access to the DLNA server, attackers can exploit the flaw to create arbitrary file data, elevating to RCE on the remote NAS, according to Puyeski.
“Both vulnerabilities are simple to exploit if you know the exact technical details (which we didn't publish to protect customers),” Puyeski told The Dail ..
Support the originator by clicking the read the rest link below.
