NASty Flaws In Networked Storage, Patch Synology And QNAP ASAP

Source: Bleeping Computer

The Pwn2Own Hacking Competition Was Busy This Year

Last week at Pwn2Own, serious flaws were discovered in QNAP and Synology NAS software, and this week those companies have released patches for them. In Synology’s case, several versions of both BeePhotos for BeeStation and Synology Photos for DSM open you up to serious pain. The unpatched software would allow attackers to trigger remote code execution as root on vulnerable NAS appliances exposed online. For QNAP owners it is an SQL injection vulnerability which could ruin their day. The flaw is present in QNAP TS-464 NAS devices and in the HBS 3 Hybrid Backup Sync disaster recovery and data backup solution.

In both cases, the companies do not push the updates, so you will need to install them manually. Please check the links to Bleeping Computer for steps on how to do that if you aren’t 100% sure of the process. The decision not to push updates is common with NAS device sellers: these devices need to remain up and running, so unexpected reboots or even software updates could impact their availability. Check for outstanding updates and plan accordingly!

Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company's Synology Photos and BeePhotos for BeeStation software.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.
