QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices.
The flaws (tracked as
CVE-2022-22721 and
CVE-2022-23943) were tagged as critical with severity base scores of 9.8/10 and impact systems running Apache HTTP Server 2.4.52 and earlier.
As revealed by NVD analysts' evaluation [
1,
2], unauthenticated attackers can exploit the vulnerabilities remotely in low complexity attacks without requiring user interaction.
QNAP is currently investigating the two security bugs and plans to release security updates in the near future.
"CVE-2022-22721 affects 32-bit QNAP NAS models, and CVE-2022-23943 affects users who have enabled mod_sed in Apache HTTP Server on their QNAP device," the Taiwan-based NAS maker
explained.
"We are thoroughly investigating the two vulnerabilities that affect QNAP products, and will release security updates as soon as possible."