QNAP said in a security advisorythat it has fixed the issues in Q’Center Virtual Appliance, and urged customers to update to the latest version.
Researchers found an array of high severity vulnerabilities in network storage vendor QNAP’s web console, which could enable an authenticated attacker to gain privileges and execute arbitrary commands on the system.
The web-based platform, Q’center, allows users to manage network attached storage across multiple sites. According to SecureAuth and CoreSecurity’s security advisory, issued Wednesday, Q’center version 1.6.1056 and Q’center version 1.6.1075 are impacted.
“Multiple vulnerabilities were found in the QCenter web console that would allow an attacker to execute arbitrary commands on the system,” researchers said. “QNAP’s QCenter web console includes a functionality that would allow an authenticated attacker to elevate privileges on the system.”
QNAP said in a security advisory that it has fixed the issues in Q’center Virtual Appliance version 1.7.1083 and later, and urged customers to update to the latest version.
For More Details :
https://threatpost.com/multiple-bugs-found-in-qnap-qcenter-web-console/133884/
