silversurfer
Thread author
Read more: QNAP fixes critical flaws that could lead to device takeover

QNAP has addressed two critical security vulnerabilities in the Helpdesk app that could enable potential attackers to take over unpatched QNAP network-attached storage (NAS) devices.
Helpdesk is the built-in app that comes with QNAP's NAS devices and allows admins to submit help requests to the QNAP support team over the Internet.
The app also comes with a remote support feature that allows remotely connecting to the device with the owner's permission.
The two Helpdesk security issues QNAP fixed are tracked as CVE-2020-2506 and CVE-2020-2507 according to a security advisory published today.
They're both improper access control vulnerabilities that "could allow attackers to obtain control of a QNAP device" if successfully exploited.
QNAP says that it has fixed these security flaws in Helpdesk 3.0.3 and later and that, given the bugs' severity rating, customers should update the app to the latest available version as soon as possible.