QNAP fixes critical security holes in its networking solutions
Critical NAS read and code execution vulnerabilities
Tracked as CVE-2024-38643, a "missing authentication for critical function" vulnerability in Notes Station 3, QNAP's note-taking and collaboration application for its NAS devices, could give a remote attacker unauthorized access to vulnerable systems.
The vulnerability, which has received a CVSS v3 severity rating of 9.8 out of 10, affects Notes Station 3 versions 3.9.x and has been fixed in versions 3.9.7 and later. Beyond IT service providers, QNAP's NAS services are used by a number of organizations in the media and entertainment, healthcare, and education segments as trusted data storage hardware.
The same versions of the application are affected by a second flaw, a server-side request forgery (SSRF) vulnerability tracked as CVE-2024-38645, which allows remote actors who have gained access through CVE-2024-38643 to read full application data. The flaw carries a CVSS v4 rating of 9.4/10.