- 지멘스-액센추어, 제조업 혁신 위한 공동 그룹 출범··· "전문가 7,000명 고용"
- Potential Nvidia chip shortage looms as Chinese customers rush to beat US sales ban
- These tech markets are taking the brunt of the new US tariffs - what that means for you
- JALを救ったSAKURAプロジェクト:50年ぶりの改革と復活の全貌
- IBM Cloud speeds AI workloads with Intel Gaudi 3 accelerators
QNAP fixes critical security holes in its networking solutions

Critical NAS read and code execution vulnerabilities
Tracked as CVE-2024-38643, a missing authentication for critical function vulnerability in QNAP’s note-taking and collaboration application for its NAS devices, Notes Station 3, could provide a remote attacker unauthorized access into the vulnerable systems.
The vulnerability, which has received a CVSS v3 severity rating of 9.8 out of 10, affects Notes Station 3 versions 3.9.x, and has been fixed in versions 3.9.7 and later. Other than the IT service providers, QNAP’s NAS services are used by a number of organizations in the media and entertainment, healthcare, and education segments for their trusted data storage hardware.
Affecting the same versions of the application is another server-side request forgery (SSRF) flaw, tracked as CVE-2024-38645, allowing remote actors with compromised access through CVE-2024-38643 to read full application data. The flaw carries a CVSS v4 rating of 9.4/10.