{"id":951,"date":"2024-03-11T14:12:03","date_gmt":"2024-03-11T12:12:03","guid":{"rendered":"https:\/\/techlance.ddns.net\/?p=951"},"modified":"2024-03-11T14:12:43","modified_gmt":"2024-03-11T12:12:43","slug":"qnap-varoittaa-kriittisesta-haavoittuvuudesta","status":"publish","type":"post","link":"https:\/\/techlance.ddns.net\/en\/qnap-varoittaa-kriittisesta-haavoittuvuudesta\/","title":{"rendered":"QNAP warns of a critical vulnerability"},"content":{"rendered":"<p>QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices.<\/p>\n\n\n\n<p>The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection.<\/p>\n\n\n\n<p>
While the last two require the attackers to be authenticated on the target system, which significantly lessens the risk, the first (CVE-2024-21899) can be executed remotely without authentication and is marked as &#8220;low complexity&#8221;.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices\/<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[15],"class_list":["post-951","post","type-post","status-publish","format-standard","hentry","category-security","tag-tietoturva"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/comments?post=951"}],"version-history":[{"count":0,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/951\/revisions"}],"wp:attachment":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/media?parent=951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/categories?post=951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/tags?post=951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}