• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
Computer Business World News

Computer Business World News

Trending News about Computers, Business and Tech

  • Home
  • BUSINESS
  • CAREERS
  • CLOUD
  • COMPUTERS
  • CYBERSECURITY
  • I.T.
  • TECH
  • VOIP
  • About

Top NAS app gets critical security flaw patch qnap

by

Taiwan-based QNAP Systems has fixed a remote code execution (RCE) vulnerability that plagued an application that’s used by many of its Network-Attached Storage (NAS) devices.

According to an advisory issued by the company, it has patched a stack-based buffer overflow vulnerability in the Surveillance Station app. 

“If exploited, this vulnerability allows attackers to execute arbitrary code”, QNAP said as it asked users of its NAS devices to update Surveillance Station to the latest version as soon as possible.

Software vulnerabilities

Surveillance Station is QNAP’s network surveillance video management system (VMS) that enables users to manage and monitor multiple IP cameras.

According to reports, exploiting the RCE vulnerability would also allow the perpetrators to subvert any security software or anti-malware scanners running on the compromised NAS device.

In addition to the critical RCE vulnerability, QNAP has also reportedly patched a medium severity cross-site scripting (XSS) vulnerability that plagued another of its widely used apps. 

According to QNAP, if exploited, the XSS vulnerability in the Photo Station app, which is used for uploading and viewing images on to the NAS device, allowed remote attackers to inject malicious code. 

QNAP has issued updates for both Surveillance Station and Photo Station apps to fix their respective vulnerabilities.

NAS devices are often targeted by threat actors since they are usually a treasure-trove of sensitive documents and files. QNAP has been at the receiving end of several malicious campaigns directed towards its devices, recently warning users about the Dovecat crypto mining malware that specifically hunted for Internet-exposed QNAP devices with weak passwords to use them for mining cryptocurrencies. 

Via: BleepingComputer

View Source

Filed Under: COMPUTERS

Primary Sidebar

More to See

After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live

After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. Published 6:45 am Monday, January 30, 2023 … [Read More...] about After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live

CSH Triples Its Computing Power

by Jake W Streamer | published Jan. 30th, 2023 … [Read More...] about CSH Triples Its Computing Power

4 tips for IT career growth in 2023

Despite increasing layoffs across the country, demand for IT pros remains high, especially for software developers and senior software … [Read More...] about 4 tips for IT career growth in 2023

Footer

SITE INFORMATION

COMPUTER BUSINESS WORLD NEWS

About/Contact

Privacy Policy

Thank you for visiting our website.

Recent

  • Russian millionaire on trial in hack, insider trade scheme
  • After ‘The Voice’ and BET, two Mississippians give one last concert before heading to L.A. – Magnolia State Live
  • CSH Triples Its Computing Power

Search

Copyright © 2023 Computer Business World