QNAP Fixes Bug That Let Attackers Run Programs Remotely

October 1, 2021

QNAP, the manufacturer of Network Storage (NAS) recently released security patches to fix several vulnerabilities that allow attackers to remotely inject and execute malicious close and commands on vulnerable NAS devices.

Some of the patched vulnerabilities include three serious XSS vulnerabilities traced as CVE-2021-34354, CBE-2021-34356, and CVE-2021-34355.

They affect devices that released unpatched Photo Station program versions prior to 5.4.10, 5.7.13, or 6.0.18, a stored XSS Image2PDF bug affecting systems using software versions released prior to Image2PDF 2.1.5, a command injection bug (CVE-2021-34352) affecting some QNAP end-of-life (EQL) devices running QVR IP video surveillance software that could ultimately help attackers execute arbitrary commands.

Apart from this, QNAP has also patched three other QVR vulnerabilities with critical severity in the recently released security advisory.

Users are recommended to upgrade their NAS to the latest version of Photo Station or Image PDF and QVR monitoring software.

For more information, read the original story in Bleeping Computer

QNAP Fixes Bug That Let Attackers Run Programs Remotely

Top Stories

AI tool is flagging pancreatic cancer early in China

Top 10 predictions for information technology developments in 2026

Meta buys agentic AI startup Manus to boost consumer AI push

AST SpaceMobile launches largest satellite ever, challenging Starlink with direct-to-phone 5G

SoftBank sells remaining Nvidia stake to fund $22.5B OpenAI commitment

What a year this has been.

Related Articles

Reddit’s traffic surges past TikTok in the UK

Windows 11 comes last in legacy hardware benchmark

Drivers complain in-car ads are becoming a road hazard

AI tool is flagging pancreatic cancer early in China

TND News Desk

TND News Desk

Jim Love

Follow Us

Popular categories

Tech News Delivered