QNAP Releases Emergency Fixes for Critical NAS and Router Vulnerabilities


QNAP has released critical security updates over the weekend to address multiple vulnerabilities affecting its NAS systems and routers. These flaws include three “critical” severity issues that could allow unauthorized system access and remote code execution. Users are strongly urged to update their devices immediately.

Notes Station 3 Vulnerabilities

Two critical flaws were found in Notes Station 3, a collaboration and note-taking app widely used in QNAP NAS devices:

  • CVE-2024-38643: A missing authentication mechanism for critical functions allows remote attackers to gain unauthorized access and execute system commands. (CVSS v4 score: 9.3, “critical”).
  • CVE-2024-38645: A server-side request forgery (SSRF) vulnerability enables authenticated attackers to manipulate server-side behavior and access sensitive data.

QNAP has fixed these issues in Notes Station 3 version 3.9.7. Users are advised to update immediately to mitigate risks. Full update instructions are available in QNAP’s official security bulletin.

Additional vulnerabilities, CVE-2024-38644 and CVE-2024-38646, rated as “high severity,” involve command injection and unauthorized data access. These require user-level access to exploit.

QuRouter Flaws

A critical vulnerability, CVE-2024-48860, impacts QNAP’s QuRouter 2.4.x devices. This OS command injection flaw could allow remote attackers to execute commands on the host system.

Another less severe issue, CVE-2024-48861, also involving command injection, has been patched. Both issues are resolved in QuRouter version 2.4.3.106, and QNAP recommends immediate updates.

Other QNAP Products Affected

QNAP addressed additional vulnerabilities across its ecosystem, including:

  • CVE-2024-38647 (QNAP AI Core): Information exposure flaw that could let attackers access sensitive data. Resolved in AI Core version 3.4.1 and later.
  • CVE-2024-48862 (QuLog Center): A link-following flaw that could allow unauthorized file system access. Fixed in QuLog Center versions 1.7.0.831 and 1.8.0.888.
  • CVE-2024-50396 & CVE-2024-50397 (QTS and QuTS Hero): Format string handling vulnerabilities that could allow attackers to manipulate system memory or access sensitive data. Resolved in QTS 5.2.1.2930 and QuTS Hero h5.2.1.2929.
Protecting Your QNAP Devices

QNAP urges all users to install these updates as soon as possible to secure their systems against potential attacks.

Additionally:

  1. Ensure QNAP devices are not directly exposed to the Internet.
  2. Deploy devices behind a VPN for enhanced security.
  3. Regularly monitor for updates and apply them promptly.

By taking these precautions, users can mitigate risks and protect sensitive data from exploitation.
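To act on the fixed versions listed above, the following added example (not from QNAP or the original article) audits an inventory against them, including the two QuLog Center release branches and the "h" prefix on QuTS Hero builds. The hostnames and installed versions are constructed, and treating an install on an unlisted branch as patched only when it is newer than every listed fix is an assumption.

```python
import re

# Fixed versions as listed in the article. QuLog Center has one fix per
# release branch (1.7.x and 1.8.x), so each product maps to a list.
FIXED = {
    "Notes Station 3": ["3.9.7"],
    "QuRouter": ["2.4.3.106"],
    "AI Core": ["3.4.1"],
    "QuLog Center": ["1.7.0.831", "1.8.0.888"],
    "QTS": ["5.2.1.2930"],
    "QuTS Hero": ["h5.2.1.2929"],
}

def parse(version):
    """Convert '5.2.1.2930' or 'h5.2.1.2929' to a tuple of ints."""
    digits = re.sub(r"^[A-Za-z]+", "", version.strip())
    if not re.fullmatch(r"\d+(\.\d+)*", digits):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(part) for part in digits.split("."))

def needs_update(product, installed):
    """True if `installed` is below the fix that applies to its branch."""
    fixes = sorted(parse(v) for v in FIXED[product])  # KeyError: not covered
    have = parse(installed)
    # Prefer the fix on the same major.minor branch; a numeric tuple compare
    # avoids the string-compare trap where "1.7.0.99" sorts above "1.7.0.831".
    same_branch = [f for f in fixes if f[:2] == have[:2]]
    if same_branch:
        return have < same_branch[0]
    # Assumption: off-branch installs are fine only if newer than every fix.
    return have < fixes[-1]

def audit(inventory):
    """Return (host, product, version) rows that still need the update."""
    return [row for row in inventory if needs_update(row[1], row[2])]

# Constructed sample inventory; hostnames and installed versions are made up.
INVENTORY = [
    ("nas-01", "QTS", "5.2.1.2930"),
    ("nas-02", "QuTS Hero", "h5.2.0.2860"),
    ("nas-03", "QuLog Center", "1.7.0.99"),
    ("nas-04", "QuLog Center", "1.8.0.888"),
    ("rtr-01", "QuRouter", "2.4.2.317"),
    ("nas-05", "Notes Station 3", "3.10.0"),
]

if __name__ == "__main__":
    for host, product, version in audit(INVENTORY):
        print(f"{host}: {product} {version} is below the fixed version")
```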
