Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execution. The vulnerabilities and the CVE-2024-27130 PoC “With a codebase bearing some long 10+ year legacy, and a long history of security weaknesses,” QNAP’s QTS operating system and its “variants” (QuTSCloud and QTS hero) enticed WatchTowr Labs researchers to probe for vulnerabilities. “Given … More
The post 15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) appeared first on Help Net Security.