QNAP asks users to mitigate critical Apache HTTP Server bugs


Level 37
Thread author
Top Poster
Feb 4, 2016
QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices.

The flaws (tracked as CVE-2022-22721 and CVE-2022-23943) were tagged as critical with severity base scores of 9.8/10 and impact systems running Apache HTTP Server 2.4.52 and earlier.
As revealed by NVD analysts' evaluation [1, 2], unauthenticated attackers can exploit the vulnerabilities remotely in low complexity attacks without requiring user interaction.

QNAP is currently investigating the two security bugs and plans to release security updates in the near future.

"CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device," the Taiwan-based NAS maker explained.
"We are thoroughly investigating the two vulnerabilities that affect QNAP products, and will release security updates as soon as possible."
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.