Customers should update their QNAP NAS devices to the latest firmware to patch the vulnerability.

Two medium-severity vulnerabilities have also been patched by QNAP.

Tracked as CVE-2024-21900 and CVE-2024-21901, the vulnerabilities allow authenticated users to execute arbitrary code or inject SQL through a web connection.

It seems that none of the listed vulnerabilities have been used in the wild.

However, real-world attacks may occur if customers fail to update their QNAP systems.

In any case, these vulnerabilities affect several versions of QNAP’s operating system.

Note that you could always visit QNAP’s product support status page to see the latest updates for your NAS equipment.

QNAP recommends regularly updating your system to patch zero-day vulnerabilities and other exploits.

This is important even when remote access is disabled on your NAS.

Additional information is available on QNAP’s Alerts page.