By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: QNAP warns of critical auth bypass flaw in its NAS devices
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > QNAP warns of critical auth bypass flaw in its NAS devices
Tech News

QNAP warns of critical auth bypass flaw in its NAS devices

By admin 3 Min Read
Share
SHARE

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.

The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection.

While the last two require the attackers to be authenticated on the target system, which significantly lessens the risk, the first (CVE-2024-21899) can be executed remotely without authentication and is marked as “low complexity.”

The three flaws fixed are the following:

  • CVE-2024-21899: Improper authentication mechanisms allow unauthorized users to compromise the system’s security through the network (remotely).
  • CVE-2024-21900: This vulnerability could allow authenticated users to execute arbitrary commands on the system via a network, potentially leading to unauthorized system access or control.
  • CVE-2024-21901: This flaw could enable authenticated administrators to inject malicious SQL code through the network, potentially compromising the database integrity and manipulating its contents.

The flaws impact various versions of QNAP’s operating systems, including QTS 5.1.x, QTS 4.5.x, QuTS hero h5.1.x, QuTS hero h4.5.x, QuTScloud c5.x, and the myQNAPcloud 1.0.x service.

Users are recommended to upgrade to the following versions, which address the three flaws:

  • QTS 5.1.3.2578 build 20231110 and later
  • QTS 4.5.4.2627 build 20231225 and later
  • QuTS hero h5.1.3.2578 build 20231110 and later
  • QuTS hero h4.5.4.2626 build 20231225 and later
  • QuTScloud c5.1.5.2651 and later
  • myQNAPcloud 1.0.52 (2023/11/24) and later

For QTS, QuTS hero, and QuTScloud, users must log in as administrators, navigate to ‘Control Panel > System > Firmware Update,’ and click ‘Check for Update‘ to launch the automatic installation process.

To update myQNAPcloud, log in as admin, open the ‘App Center,’ click on the search box, and type “myQNAPcloud” + ENTER. The update should appear in the results. Click on the ‘Update‘ button to start.

NAS devices often store large amounts of valuable data for businesses and individuals, including sensitive personal information, intellectual property, and critical business data. At the same time, they are not closely monitored, remain always connected and exposed to the internet, and could be using outdated OS/firmware.

For all these reasons, NAS devices are often targeted for data theft and extortion.

Some ransomware operations previously known for targeting QNAP devices are DeadBolt, Checkmate, and Qlocker. 

These groups have launched numerous attack waves against NAS users, sometimes leveraging zero-day exploits to breach fully patched devices.

The best advice for NAS owners is to always keep your software update, and even better, don’t expose these types of devices to the internet.

You Might Also Like

Geotab Strengthens Global Footprint and Small to Mid-Sized Fleet Solutions with Acquisition of Verizon Connect’s International Commercial Operations in Europe and Australia

Our Favorite All-in-One Printer and Scanner Is $50 Off

Four Dublin start-ups awarded at 2025 New Frontiers showcase

Confucius Hackers Hit Pakistan With New WooperStealer and Anondoor Malware

Gemini AI Coming to Older Google Nest Speakers, Cameras, and Doorbells

TAGGED: Authentication Bypass, Command Injection, NAS, QNAP, Security Advisory, Vulnerability
Share This Article
Facebook Twitter Copy Link
Previous Article EU policies jeopardise food independence, say 50% in poll
Next Article Pogacar ‘could pay the price’ for his early season feats ahead of Giro-Tour double – Indurain
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

Geotab Strengthens Global Footprint and Small to Mid-Sized Fleet Solutions with Acquisition of Verizon Connect’s International Commercial Operations in Europe and Australia
Tech News
‘I don’t know why I need to go to college’: Ford CEO says his Gen Z son worked as a mechanic and wondered if the 4-year degree was still worth it
Business
Ethereum Foundation Unveils Next Phase Of Its Privacy Revolution
Crypto
Eiffel Tower closed as nationwide strikes held across France against spending cuts
World News
Dragon Ball: Sparking! ZERO Celebrates Over 200 Characters, Teases News of More in 2026
Gaming News
Developer sues Westminster, blames Xcel delays for stalled apartment project
Business
Our Favorite All-in-One Printer and Scanner Is $50 Off
Tech News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

Geotab Strengthens Global Footprint and Small to Mid-Sized Fleet Solutions with Acquisition of Verizon Connect’s International Commercial Operations in Europe and Australia

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
Geotab Strengthens Global Footprint and Small to Mid-Sized Fleet Solutions with Acquisition of Verizon Connect’s International Commercial Operations in Europe and Australia
October 3, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?