QNAP fixes critical security holes in its networking solutions
Critical NAS read and code execution vulnerabilities
Tracked as CVE-2024-38643, a “missing authentication for critical function” vulnerability in Notes Station 3, QNAP’s note-taking and collaboration application for its NAS devices, could give a remote attacker unauthorized access to vulnerable systems.
The vulnerability, which has received a CVSS v3 severity rating of 9.8 out of 10, affects Notes Station 3 versions 3.9.x and has been fixed in versions 3.9.7 and later. Besides IT service providers, QNAP’s NAS services are used by a number of organizations in the media and entertainment, healthcare, and education segments for their trusted data storage hardware.
Affecting the same versions of the application is a second flaw, a server-side request forgery (SSRF) tracked as CVE-2024-38645, which allows remote actors who have gained access through CVE-2024-38643 to read full application data. The flaw carries a CVSS v4 rating of 9.4/10.