QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices.

About the vulnerabilities (CVE-2023-47218, CVE-2023-50358)

Both vulnerabilities are in the quick.cgi component, though seemingly in different functions. Both were reported to QNAP at the beginning of November 2023.

CVE-2023-47218, unearthed by Stephen Fewer, Principal Security Researcher at Rapid7, can be exploited by sending a …
The post QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) appeared first on Help Net Security.