27 matches found
QNAP addresses a vulnerability in NAS devices
QNAP has released updates to address a security flaw in its network-attached storage (NAS) devices that allows arbitrary code injection. This vulnerability enables a remote attacker to run any SQL...
QNAP Fixes Critical Vulnerability in NAS Devices with Latest Security Updates
Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices that could lead to arbitrary code injection. Tracked as CVE-2022-27596, the vulnerability is rated 9.8 out of a maximum of 10 on the CVSS scoring scale. It affects...
Synology Releases Patch for Critical RCE Vulnerability Affecting VPN Plus Servers
Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds writ...
Dutch Police Tricked Deadbolt Ransomware Gang Into Sharing Decryption Keys
By Deeba Ahmed. According to Dutch Police, Deadbolt ransomware attacks mainly focused on NAS (network-attached storage). This is a post from HackRead.com.
QNAP Network-Attached Storage (NAS) Command Injection Vulnerability
QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution...
Zyxel Multiple NAS Devices OS Command Injection Vulnerability
Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code...
Defending Users’ NAS Devices From Evolving Threats
In our latest research, we analyze the threats targeting well-known brands of network-attached storage (NAS) devices...
Western Digital Users Face Another RCE
Bad news comes in threes, most particularly for Western Digital customers. As if things weren’t bad enough for the untold number of Western Digital customers whose data blinked out of existence last month, there’s another zero-day waiting for whoever can’t or won’t upgrade its My Cloud storage...
Zero-Day Used to Wipe My Book Live Devices
Western Digital will start providing free data-recovery services in July for people whose data was wiped off their network-attached storage (NAS) devices last week, the company said in an update on Tuesday. The company is also planning to offer a trade-in program to get customers onto the cloud –...
My Book Live Users Wake Up to Wiped Devices
If you haven’t already, stop reading and go yank your My Book Live storage device offline, lest you join the ranks of those who woke up on Thursday to find that years of data had been wiped clean on devices around the world. Western Digital’s My Book storage device is designed for consumers and...
QNAP Releases Security Updates for QNAP Helpdesk
QNAP Systems has released security updates to address vulnerabilities in QNAP Helpdesk. An attacker could exploit these vulnerabilities to take control of an affected QNAP network-attached storage (NAS) device. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and...
Command injection
Multiple ZyXEL network-attached storage (NAS) devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. ZyXEL NAS devices achieve authentication by using th...
ZyXEL NAS Command Injection (CVE-2020-9054)
A command injection vulnerability exists in multiple ZyXEL network-attached storage (NAS) devices. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Network Data Management Protocol (NDMP) Detection
An NDMP service is running at this host. NDMP is used primarily for backup of network-attached storage (NAS) devices, such as storage systems. Copyright (C) 2019 Greenbone Networks GmbH. SPDX-License-Identifier: GPL-2.0-or-later
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection
Seagate Media Server multiple SQL injection vulnerabilities. Yorick Koster, September 20...
Seagate Personal Cloud SRN21C SQL Injection Vulnerability
Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0 suffers from remote SQL injection vulnerabilities in the media server. Seagate Media Server multiple SQL injection vulnerabilities...
FBI Router Reboot Warning: How Do I Stay Safe from the New VPNFilter Malware?
You might have seen reports that the FBI is warning home users of a new foreign cyber-attack campaign targeted at your routers and network-attached storage (NAS) devices. Here’s a breakdown of exactly what has happened, and what you need to do to keep your home IT systems safe and secure. What is...
Authentication bypass vulnerability in Western Digital My Cloud
Abstract: It was discovered that Western Digital My Cloud is affected by an authentication bypass vulnerability. By exploiting this vulnerability, an unauthenticated attacker can bypass the login functionality and gain full control of the device. Tested versions: This vulnerability was successfully...
Seagate Personal Cloud allows moving of arbitrary files
Abstract: Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that the web application used to manage the NAS contains a vulnerability that allows an unauthenticated attacker to move arbitrary files. The move operation is done with root privileges, which...
Seagate Media Server Arbitrary File / Folder Deletion Vulnerabilities
Seagate Media Server on a Seagate Personal Cloud model SRN21C running firmware version 4.3.16.0 suffers from an unauthenticated arbitrary file and folder deletion vulnerability. Seagate Media Server allows deleting of...