DE
DE EN
DE
DE EN
Kontakt
Anmeldung
Themen
Finanzen & Versicherung
Handel
Industrie
IT & Beratung
Tourismus
Transport
Recht
Öffentlich

QNAP veröffentlicht Notfallkorrekturen für kritische NAS- und Router-Schwachstellen

0
Teilen:
Reading Time: 3 Minutes

QNAP has released critical security updates over the weekend to address multiple vulnerabilities affecting its NAS systems and routers. These flaws include three “critical” severity issues that could allow unauthorized system access and remote code execution. Users are strongly urged to update their devices immediately.

Notes Station 3 Vulnerabilities

Two critical flaws were found in Notes Station 3, a collaboration and note-taking app widely used in QNAP NAS devices:

  • CVE-2024-38643: A missing authentication mechanism for critical functions allows remote attackers to gain unauthorized access and execute system commands. (CVSS v4 score: 9.3, “critical”).
  • CVE-2024-38645: A server-side request forgery (SSRF) vulnerability enables authenticated attackers to manipulate server-side behavior and access sensitive data.

QNAP has fixed these issues in Notes Station 3 version 3.9.7. Users are advised to update immediately to mitigate risks. Full update instructions are available in QNAP’s official security bulletin.

Additional vulnerabilities, CVE-2024-38644 und CVE-2024-38646, rated as “high severity,” involve command injection and unauthorized data access. These require user-level access to exploit.

​QuRouter Flaws

A critical vulnerability, CVE-2024-48860, impacts QNAP’s QuRouter 2.4.x devices. This OS command injection flaw could allow remote attackers to execute commands on the host system.

Another less severe issue, CVE-2024-48861, also involving command injection, has been patched. Both issues are resolved in QuRouter version 2.4.3.106, and QNAP recommends immediate updates.

Other QNAP Products Affected

QNAP addressed additional vulnerabilities across its ecosystem, including:

  • CVE-2024-38647 (QNAP AI Core): Information exposure flaw that could let attackers access sensitive data. Resolved in AI Core version 3.4.1 and later.
  • CVE-2024-48862 (QuLog Center): A link-following flaw that could allow unauthorized file system access. Fixed in QuLog Center versions 1.7.0.831 and 1.8.0.888.
  • CVE-2024-50396 & CVE-2024-50397 (QTS and QuTS Hero): Format string handling vulnerabilities that could allow attackers to manipulate system memory or access sensitive data. Resolved in QTS 5.2.1.2930 and QuTS Hero h5.2.1.2929.

  • Protecting Your QNAP Devices

    QNAP urges all users to install these updates as soon as possible to secure their systems against potential attacks.

    Additionally:

    1. Ensure QNAP devices are not directly exposed to the Internet.
    2. Deploy devices behind a VPN for enhanced security.
    3. Regularly monitor for updates and apply them promptly.

    By taking these precautions, users can mitigate risks and protect sensitive data from exploitation.

    Trending: Chinese Hackers Exploit Zero-Day in FortiClient VPN with ‘DeepData’ Toolkit

    Sind Sie ein Sicherheitsforscher? Oder ein Unternehmen, das Artikel über Cybersicherheit, offensive Sicherheit (im Zusammenhang mit Informationssicherheit im Allgemeinen) schreibt, die zu unserem speziellen Publikum passen und es wert sind, geteilt zu werden? Wenn Sie Ihre Idee in einem Artikel ausdrücken möchten, kontaktieren Sie uns hier für ein Angebot: [email protected]

    Quelle

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
11:34 pm, Juni 27, 2025
Wetter-Symbol 20°C
L: 18° | H: 21°
klarer Himmel
Luftfeuchtigkeit: 77 %
Druck: 1022 mb
Wind: 12 mph WSW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 4%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:45 am
Sonnenuntergang: 9:21 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Tomorrow 10:00 pm
Wetter-Symbol
18° | 21°°C 0 mm 0% 11 mph 81 % 1025 mb 0 mm/h
So. Juni 29 10:00 pm
Wetter-Symbol
18° | 31°°C 0 mm 0% 7 mph 77 % 1026 mb 0 mm/h
Mo. Juni 30 10:00 pm
Wetter-Symbol
21° | 35°°C 0 mm 0% 9 mph 65 % 1021 mb 0 mm/h
Di. Juli 01 10:00 pm
Wetter-Symbol
21° | 33°°C 0 mm 0% 10 mph 71 % 1016 mb 0 mm/h
Mi. Juli 02 10:00 pm
Wetter-Symbol
17° | 25°°C 1 mm 100% 13 mph 82 % 1017 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
19° | 20°°C 0 mm 0% 10 mph 77 % 1022 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
19° | 19°°C 0 mm 0% 9 mph 81 % 1022 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
20° | 20°°C 0 mm 0% 8 mph 81 % 1023 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
22° | 22°°C 0 mm 0% 9 mph 74 % 1024 mb 0 mm/h
Tomorrow 1:00 pm
Wetter-Symbol
27° | 27°°C 0 mm 0% 11 mph 54 % 1024 mb 0 mm/h
Tomorrow 4:00 pm
Wetter-Symbol
27° | 27°°C 0 mm 0% 11 mph 50 % 1023 mb 0 mm/h
Tomorrow 7:00 pm
Wetter-Symbol
27° | 27°°C 0 mm 0% 10 mph 51 % 1023 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
23° | 23°°C 0 mm 0% 8 mph 68 % 1025 mb 0 mm/h
Wetter von OpenWeatherMap
Name Preis24H (%)
Bitcoin(BTC)
€91,524.74
0.04%
Ethereum(ETH)
€2,068.67
0.11%
Fesseln(USDT)
€0.85
0.00%
XRP(XRP)
€1.84
1.43%
Solana(SOL)
€122.02
2.11%
USDC(USDC)
€0.85
0.00%
Dogecoin(DOGE)
€0.137783
0.89%
Shiba Inu(SHIB)
€0.000009
0.55%
Pepe(PEPE)
€0.000008
-0.86%
Risikomonitor
Erkennen und überwachen Sie IT-Schwachstellen mit nur einem Klick, bevor es zu spät ist.

Verbindung zum Dienstprogramm

Nützlicher Link

Newsletter

Folgen Sie uns

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Nach oben scrollen