QNAP says this is a proactive measure, but you need to take it seriously
NAS vendor QNAP Systems has urgently issued patches for no fewer than 24 vulnerabilities across its product range, including two high-severity flaws that could enable command execution.
Despite the severity of these vulnerabilities, QNAP has not reported any instances of these bugs being exploited in the wild. The Taiwan-based firm’s move is more of a proactive measure against potentially highly damaging exploits.
According to Security Week, the most concerning vulnerabilities, referred to as CVE-2023-45025 and CVE-2023-39297, are OS command injection flaws. These flaws are present in QTS versions 5.1.x and 4.5.x, QuTS hero versions h5.
