Taiwan-based company QNAP Systems has patched twenty-six vulnerabilities in its products, including two high-severity issues that could execute commands.
The bugs are identified as OS command injection flaws that affect QTS versions 5.1.x and 4.5.x, QuTS hero versions h5.1.x and h4.5.x, and QuTScloud version 5.x. They are tracked as CVE-2023-45025 and CVE-2023-39297. According to QNAP, in specific system configurations, users may be able to leverage the first vulnerability to issue commands over the network. According to the company, successful exploitation of the second bug necessitates authentication.
Additionally, QNAP released patches for two remotely exploitable vulnerabilities in QTS, QuTS hero, and QuTScloud, CVE-2023-47567 and CVE-2023-47568, which necessitate administrator authentication for successful exploitation.
Read More: QNAP Patches High-Severity Bugs in QTS, Qsync Central
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
