EN
EN DE
EN
EN DE
Contact Us
Sign Up
Topics
Finance & insurance
Trade
Industry
IT & Consulting
Tourism
Transport
Law
Public

QNAP Issues Emergency Fixes for Critical NAS and Router Flaws

0
Share:
Reading Time: 3 Minutes

QNAP has released critical security updates over the weekend to address multiple vulnerabilities affecting its NAS systems and routers. These flaws include three “critical” severity issues that could allow unauthorized system access and remote code execution. Users are strongly urged to update their devices immediately.

Notes Station 3 Vulnerabilities

Two critical flaws were found in Notes Station 3, a collaboration and note-taking app widely used in QNAP NAS devices:

  • CVE-2024-38643: A missing authentication mechanism for critical functions allows remote attackers to gain unauthorized access and execute system commands. (CVSS v4 score: 9.3, “critical”).
  • CVE-2024-38645: A server-side request forgery (SSRF) vulnerability enables authenticated attackers to manipulate server-side behavior and access sensitive data.

QNAP has fixed these issues in Notes Station 3 version 3.9.7. Users are advised to update immediately to mitigate risks. Full update instructions are available in QNAP’s official security bulletin.

Additional vulnerabilities, CVE-2024-38644 and CVE-2024-38646, rated as “high severity,” involve command injection and unauthorized data access. These require user-level access to exploit.

​QuRouter Flaws

A critical vulnerability, CVE-2024-48860, impacts QNAP’s QuRouter 2.4.x devices. This OS command injection flaw could allow remote attackers to execute commands on the host system.

Another less severe issue, CVE-2024-48861, also involving command injection, has been patched. Both issues are resolved in QuRouter version 2.4.3.106, and QNAP recommends immediate updates.

Other QNAP Products Affected

QNAP addressed additional vulnerabilities across its ecosystem, including:

  • CVE-2024-38647 (QNAP AI Core): Information exposure flaw that could let attackers access sensitive data. Resolved in AI Core version 3.4.1 and later.
  • CVE-2024-48862 (QuLog Center): A link-following flaw that could allow unauthorized file system access. Fixed in QuLog Center versions 1.7.0.831 and 1.8.0.888.
  • CVE-2024-50396 & CVE-2024-50397 (QTS and QuTS Hero): Format string handling vulnerabilities that could allow attackers to manipulate system memory or access sensitive data. Resolved in QTS 5.2.1.2930 and QuTS Hero h5.2.1.2929.

  • Protecting Your QNAP Devices

    QNAP urges all users to install these updates as soon as possible to secure their systems against potential attacks.

    Additionally:

    1. Ensure QNAP devices are not directly exposed to the Internet.
    2. Deploy devices behind a VPN for enhanced security.
    3. Regularly monitor for updates and apply them promptly.

    By taking these precautions, users can mitigate risks and protect sensitive data from exploitation.

    Trending: Chinese Hackers Exploit Zero-Day in FortiClient VPN with ‘DeepData’ Toolkit

    Are u a security researcher? Or a company that writes articles about Cyber Security, Offensive Security (related to information security in general) that match with our specific audience and is worth sharing? If you want to express your idea in an article contact us here for a quote: [email protected]

    Source

Leave a Comment

Your email address will not be published. Required fields are marked *

loader-image
London, GB
4:35 am, Jul 13, 2025
weather icon 15°C
L: 13° | H: 17°
few clouds
Humidity: 88 %
Pressure: 1014 mb
Wind: 2 mph
Wind Gust: 0 mph
UV Index: 0
Precipitation: 0 mm
Clouds: 11%
Rain Chance: 0%
Visibility: 10 km
Sunrise: 4:58 am
Sunset: 9:13 pm
DailyHourly
Daily ForecastHourly Forecast
Today 10:00 pm
weather icon
13° | 17°°C 0 mm 0% 6 mph 83 % 1014 mb 0 mm/h
Tomorrow 10:00 pm
weather icon
19° | 27°°C 0 mm 0% 15 mph 72 % 1015 mb 0 mm/h
Tue Jul 15 10:00 pm
weather icon
15° | 22°°C 0.94 mm 94% 15 mph 79 % 1016 mb 0 mm/h
Wed Jul 16 10:00 pm
weather icon
15° | 26°°C 0.4 mm 40% 13 mph 90 % 1016 mb 0 mm/h
Thu Jul 17 10:00 pm
weather icon
19° | 25°°C 0 mm 0% 7 mph 61 % 1018 mb 0 mm/h
Today 7:00 am
weather icon
16° | 17°°C 0 mm 0% 5 mph 83 % 1014 mb 0 mm/h
Today 10:00 am
weather icon
21° | 24°°C 0 mm 0% 4 mph 62 % 1013 mb 0 mm/h
Today 1:00 pm
weather icon
28° | 28°°C 0 mm 0% 3 mph 37 % 1011 mb 0 mm/h
Today 4:00 pm
weather icon
30° | 30°°C 0 mm 0% 2 mph 30 % 1010 mb 0 mm/h
Today 7:00 pm
weather icon
28° | 28°°C 0 mm 0% 4 mph 31 % 1009 mb 0 mm/h
Today 10:00 pm
weather icon
23° | 23°°C 0 mm 0% 6 mph 47 % 1010 mb 0 mm/h
Tomorrow 1:00 am
weather icon
21° | 21°°C 0 mm 0% 5 mph 52 % 1011 mb 0 mm/h
Tomorrow 4:00 am
weather icon
20° | 20°°C 0 mm 0% 6 mph 61 % 1010 mb 0 mm/h
Weather from OpenWeatherMap
Name Price24H (%)
Bitcoin(BTC)
€100,691.49
-0.12%
Ethereum(ETH)
€2,527.06
-0.45%
XRP(XRP)
€2.37
-1.59%
Tether(USDT)
€0.86
-0.01%
Solana(SOL)
€137.87
-1.46%
USDC(USDC)
€0.86
0.00%
Dogecoin(DOGE)
€0.169322
-3.35%
Shiba Inu(SHIB)
€0.000011
-1.93%
Pepe(PEPE)
€0.000010
-1.59%
Peanut the Squirrel(PNUT)
€0.246209
7.19%
Risikomonitor
Know and monitor IT vulnerabilities with just one click before it is too late.

Utility link

Useful link

Newsletter

Follow Us

Facebook Twitter Youtube Linkedin

© 2025 risikomonitor.com gmbh

Scroll to Top