"Critical Command Injection Flaws in QTS OS and Apps: QNAP's Urgent Warning"
Originally Published 2 years ago — by BleepingComputer
QNAP Systems has issued security advisories for two critical command injection vulnerabilities affecting its QTS operating system and applications on network-attached storage (NAS) devices. The flaws, tracked as CVE-2023-23368 and CVE-2023-23369, allow remote attackers to execute commands via a network. QNAP users are urged to update their systems to the latest versions to mitigate the risk of cyberattacks, as NAS devices are often targeted for data theft and ransomware attacks.