Cyber Security News

Critical Flaw in QNAP QuRouter, Immediate Update Recommended

Cyware

### #QNAPSecurity #QuRouterUpdate #CommandInjectionThreats

Summary: QNAP has issued a critical security advisory for its QuRouter network appliance, urging users to update their devices to mitigate severe vulnerabilities that could allow remote command execution. The vulnerabilities, CVE-2024-48860 and CVE-2024-48861, pose significant risks to device security.

Threat Actor: Unknown | unknown
Victim: QNAP Users | QNAP Users

Key Point :

  • Multiple vulnerabilities identified in QuRouter, including CVE-2024-48860 (CVSS 9.5) and CVE-2024-48861 (CVSS 7.3).
  • Remote attackers could exploit these vulnerabilities to execute arbitrary commands on affected devices.
  • QNAP recommends updating to QuRouter version 2.4.3.106 or later to address these issues.
  • Users are advised to regularly review device logs and use strong, unique passwords.
  • Limiting remote access to trusted networks is also recommended for enhanced security.

QNAP has issued a security advisory urging users of its QuRouter network appliance to update their devices immediately. The advisory addresses multiple vulnerabilities, including CVE-2024-48860 and CVE-2024-48861, which could allow remote attackers to execute arbitrary commands on vulnerable devices.

CVE-2024-48860 is a critical vulnerability with a CVSS score of 9.5, while CVE-2024-48861 is rated as high severity with a CVSS score of 7.3.

QNAP warns: “The command injection vulnerabilities could allow remote attackers to execute arbitrary commands.”

Affected Products:

  • QuRouter 2.4.x

Solution:

QNAP has released QuRouter version 2.4.3.106 and later to address these vulnerabilities. Users are strongly advised to update their devices as soon as possible.

How to Update:

Users can update their QuRouter devices by following these steps:

  1. Log in to QuRouter.

  2. Go to Firmware.

  3. Select Update now.

  4. Select Latest.

  5. Click Apply.

  6. Click Apply again to confirm.

QuRouter will then download and install the latest firmware.

Alternatively, users can manually update their devices by downloading the latest firmware from the QNAP Download Center and installing it through the Firmware > Manual Update option in QuRouter.

In addition to applying the firmware updates, QNAP users should:

  • Regularly review device logs for unusual activity.
  • Ensure strong, unique passwords are used for device access.
  • Limit remote access to trusted networks only.

Related Posts:

Source: https://securityonline.info/cve-2024-48860-cvss-9-5-critical-flaw-in-qnap-qurouter-immediate-update-recommended

Tags: VULNERABILITY, CVE, EXPLOIT