{"id":37006,"date":"2023-02-01T20:14:02","date_gmt":"2023-02-01T20:14:02","guid":{"rendered":"https:\/\/mailinvest.blog\/index.php\/2023\/02\/01\/qnaps-nas-devices-affected-by-a-new-critical-security-issue-patches-are-available\/"},"modified":"2023-02-01T20:15:36","modified_gmt":"2023-02-01T20:15:36","slug":"qnaps-nas-devices-affected-by-a-new-critical-security-issue-patches-are-available","status":"publish","type":"post","link":"https:\/\/mailinvest.blog\/index.php\/2023\/02\/01\/qnaps-nas-devices-affected-by-a-new-critical-security-issue-patches-are-available\/","title":{"rendered":"QNAP’s NAS devices affected by a new critical security issue, patches are available"},"content":{"rendered":"

<\/a>\n<\/p>\n

\n

A scorching potato:<\/strong> QNAP is as soon as once more warning customers a few safety vulnerability impacting its network-attached storage (NAS) units. The crucial flaw may make distant assaults simpler, therefore homeowners are strongly advisable to put in the newest firmware updates. <\/p>\n

Taiwanese firm QNAP lately disclosed a brand new safety vulnerability within the working system of its NAS devices<\/a>, a harmful flaw labeled with a “crucial” severity stage, which may spell doom for remotely-accessible person information. Patches are already accessible, whereas customers ought to at all times set up the newest updates to maintain their NAS storage items protected from cyber-criminals and ransomware gangs.<\/p>\n

Based on QNAP’s official security bulletin<\/a>, the flaw labeled as CVE-2022-27596 impacts QTS 5.0.1 and QuTS hero h5.0.1 NAS working techniques. If exploited, QNAP warns, the SQL injection vulnerability may permit distant attackers to inject malicious code. Potential assaults do not require authentication, so QNAP assigned the bug a CVSS rating of 9.8 out of 10.<\/p>\n

The corporate has already mounted the vulnerability, releasing the next updates for its NAS working techniques:<\/p>\n