QNAP Fixes Bug That Let Attackers Run Programs Remotely

October 1, 2021

QNAP, the manufacturer of network-attached storage (NAS) devices, recently released security patches to fix several vulnerabilities that allow attackers to remotely inject and execute malicious code and commands on vulnerable NAS devices.

The patched vulnerabilities include three serious XSS vulnerabilities tracked as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355.

They affect devices running unpatched Photo Station versions released prior to 5.4.10, 5.7.13, or 6.0.18. The patches also address a stored XSS bug in Image2PDF affecting systems using software versions released prior to Image2PDF 2.1.5, and a command injection bug (CVE-2021-34352) affecting some QNAP end-of-life (EOL) devices running QVR IP video surveillance software, which could ultimately help attackers execute arbitrary commands.

Apart from this, QNAP has also patched three other QVR vulnerabilities with critical severity in the recently released security advisory.

Users are advised to upgrade their NAS to the latest version of Photo Station or Image2PDF and the QVR monitoring software.

For more information, read the original story in Bleeping Computer

TND News Desk

Staff writer for Tech Newsday.

Jim Love

Jim is an author and podcast host with over 40 years in technology.
