Critical Vulnerability in QNAP NAS products (CVE-2024-50387, CVE-2024-50388)

Published On: Nov 04, 2024 09:42

Advisory No: TZCERT-SA-24-0035

Source: QNAP

Software Affected: SMB Service, HBS 3 Hybrid Backup Sync

Overview

Multiple QNAP NAS devices are affected by critical vulnerabilities. A remote attacker can exploit them to execute arbitrary code.

Description

QNAP NAS devices that depend on SMB Service and HBS 3 Hybrid Backup Sync are affected by critical vulnerabilities tracked as CVE-2024-50387 and CVE-2024-50388. Attackers can exploit these vulnerabilities to gain a root shell and execute arbitrary commands on affected devices.

Impact

Successful exploitation of these vulnerabilities may allow the attacker to take control of the affected system.

Solution

QNAP has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
