Critical Function Vulnerability Affects myQNAPcloud Link, Fix Available in Version 2.4.51 and Later

Summary

The first article discusses a critical vulnerability affecting myQNAPcloud Link, allowing unauthorized users to access certain functions without proper authentication. The vendor, QNAP, has released a fix for the vulnerability in version 2.4.51 and later, and there are currently no known exploits in the wild, especially by ransomware groups. The second article details multiple vulnerabilities across QNAP's NAS systems, including flaws related to improper authentication, command injection, SQL injection, and OS command injection. QNAP has addressed these vulnerabilities in various product versions and urges users to update their systems and applications. While some of the vulnerabilities have fixes available, others are still in the process of being patched, including CVE-2024-27124 and CVE-2024-32764. The potential impact of the exploitation of these vulnerabilities includes unauthorized access, control over affected devices, data manipulation or theft, system compromise, and network infiltration. Both articles emphasize the importance of promptly updating devices to fix the vulnerabilities and maintaining vigilance in order to mitigate potential threats.

News Articles

CybersecurityNews

CVE-2024-27124CVE-2024-32764

Multiple QNAP Vulnerability Let Hackers Hijack Your NAS

QNAP has disclosed multiple vulnerabilities across its NAS systems that could potentially allow hackers to take control of affected devices.

7 months ago