QNAP asks users to mitigate critical Apache HTTP Server bugs

LASER_oneXM

Level 37
Thread author
Verified
Top poster
Well-known
Feb 4, 2016
2,520
QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices.

The flaws (tracked as CVE-2022-22721 and CVE-2022-23943) were tagged as critical with severity base scores of 9.8/10 and impact systems running Apache HTTP Server 2.4.52 and earlier.
As revealed by NVD analysts' evaluation [1, 2], unauthenticated attackers can exploit the vulnerabilities remotely in low complexity attacks without requiring user interaction.

QNAP is currently investigating the two security bugs and plans to release security updates in the near future.

"CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device," the Taiwan-based NAS maker explained.
"We are thoroughly investigating the two vulnerabilities that affect QNAP products, and will release security updates as soon as possible."
 
  • Like
Reactions: Gandalf_The_Grey