{"id":33462,"date":"2024-03-12T06:24:13","date_gmt":"2024-03-12T05:24:13","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=33462"},"modified":"2024-03-12T06:24:13","modified_gmt":"2024-03-12T05:24:13","slug":"critical-vulnerability-cve-2024-21899-allows-qnap-nas-access-without-authentication","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2024\/03\/12\/critical-vulnerability-cve-2024-21899-allows-qnap-nas-access-without-authentication\/","title":{"rendered":"Critical vulnerability CVE-2024-21899 allows QNAP NAS access without authentication"},"content":{"rendered":"

\"Sicherheit[German<\/a>]Owners of QNAP NAS drives are at risk from the critical vulnerability CVE-2024-21899. This allows access to devices without requiring authentication via username and password. The manufacturer has released security updates to its vulnerable operating systems to close the vulnerability.<\/p>\n

<\/p>\n

\"\"I came across a tweet with the content \"CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers This bug means attackers can slither into your NAS without needing a username or password.<\/em>\" brought the issue to my attention. According to the tweet, more than 3 million devices have been found that have the vulnerability and are accessible via the Internet. The colleagues from Bleeping Computer have published this article<\/a> on the subject. QNAP has published the security advisory qsa-24-09: Multiple Vulnerabilities in QTS, QuTS hero, QuTScloud, and myQNAPcloud<\/a> on March 9, 2024. In the products listed below:<\/p>\n

QTS 5.1.x, 4.5.x; QuTS hero h5.1.x, h4.5.x; QuTScloud c5.x; myQNAPcloud 1.0.x<\/p><\/blockquote>\n

there are the critical vulnerabilities:<\/p>\n