We want to inform you that multiple vulnerabilities have been reported to affect certain QNAP operating system versions. QNAP provide network storage devices commonly used in backup solutions.
These issues have been classified as high-risk, with ratings on the CVSSv3 scale of up to 7.3. Due to the nature of these vulnerabilities, it’s crucial to take immediate action to ensure your systems remain secure.
Examples of the vulnerabilities patched in this update include:
CVE-2024-50405: If exploited, the improper neutralisation of CRLF sequences ('CRLF Injection') vulnerability could allow remote attackers who have gained administrator access to modify application data.
CVE-2024-53692: If exploited, the command injection vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands.
To secure your device, we recommend updating your system to the latest version to benefit from vulnerability fixes.
See the official communication from QNAP here.