Zuso Art

#14299of 53,633
18.8Total CVSS
Vulnerabilities · 2
High
1
Critical
1
PT-2021-17923
8.8
2021-05-21
Qnap · Qnap Nas · CVE-2021-28798
Name of the Vulnerable Software and Affected Versions: QNAP NAS versions prior to QTS 4.5.2.1630 Build 20210406 QNAP NAS versions prior to QTS 4.3.6.1663 Build 20210504 QNAP NAS versions prior to QTS 4.3.3.1624 Build 20210416 QuTS hero versions prior to h4.5.2.1638 Build 20210414 Description: A relative path traversal issue has been reported to affect QNAP NAS running QTS and QuTS hero, allowing attackers to modify files that impact system integrity if exploited. Recommendations: For QNAP NAS versions prior to QTS 4.5.2.1630 Build 20210406, update to QTS 4.5.2.1630 Build 20210406 or later. For QNAP NAS versions prior to QTS 4.3.6.1663 Build 20210504, update to QTS 4.3.6.1663 Build 20210504 or later. For QNAP NAS versions prior to QTS 4.3.3.1624 Build 20210416, update to QTS 4.3.3.1624 Build 20210416 or later. For QuTS hero versions prior to h4.5.2.1638 Build 20210414, update to QuTS hero h4.5.2.1638 Build 20210414 or later.
PT-2021-4456
10
2021-05-12
Qnap · Qutscloud · CVE-2021-28799
**Name of the Vulnerable Software and Affected Versions** HBS 3 versions prior to v16.0.0415 on QTS 4.5.2 HBS 3 versions prior to v3.0.210412 on QTS 4.3.6 HBS 3 versions prior to v3.0.210411 on QTS 4.3.4 HBS 3 versions prior to v3.0.210411 on QTS 4.3.3 HBS 3 versions prior to v16.0.0419 on QuTS hero h4.5.1 HBS 3 versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4 **Description** The issue is related to an improper authorization vulnerability in QNAP NAS running HBS 3, which can allow remote attackers to log in to a device. This vulnerability has been exploited in real-world incidents, including a ransomware campaign known as Qlocker, which targeted QNAP NAS devices. The campaign started in April 2021 and allowed attackers to encrypt files on the devices, demanding a ransom in exchange for the decryption key. A new version of the Qlocker ransomware, QLocker2, was discovered in January, which also exploits this vulnerability. It is estimated that hundreds of devices have been affected by these campaigns. **Recommendations** For HBS 3 versions prior to v16.0.0415 on QTS 4.5.2, update to version v16.0.0415 or later. For HBS 3 versions prior to v3.0.210412 on QTS 4.3.6, update to version v3.0.210412 or later. For HBS 3 versions prior to v3.0.210411 on QTS 4.3.4, update to version v3.0.210411 or later. For HBS 3 versions prior to v3.0.210411 on QTS 4.3.3, update to version v3.0.210411 or later. For HBS 3 versions prior to v16.0.0419 on QuTS hero h4.5.1, update to version v16.0.0419 or later. For HBS 3 versions prior to v16.0.0419 on QuTScloud c4.5.1~c4.5.4, update to version v16.0.0419 or later. As a temporary workaround, consider restricting access to the HBS 3 application until a patch is available.