QNAP fixes critical flaws that could lead to device takeover

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/qnap-fixes-critical-flaws-that-could-lead-to-device-takeover/

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices.

Helpdesk is the built-in app that comes with QNAP's NAS devices and allows admins to submit help requests to the QNAP support team over the Internet.
The app also comes with a remote support feature that allows remotely connecting to the device with the owner's permission.

The two Helpdesk security issues QNAP fixed are tracked as CVE-2020-2506 and CVE-2020-2507 according to a security advisory published today.
They're both improper access control vulnerabilities that "could allow attackers to obtain control of a QNAP device" if successfully exploited.

QNAP says that it has fixed these security flaws in Helpdesk 3.0.3 and later and that, given the bugs' severity rating, customers should update the app to the latest available version as soon as possible.

Read more: QNAP fixes critical flaws that could lead to device takeover

 

[Ink]

What is QNAP, and why does it have a security risk attached to it every month..?