Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week.
The security flaws, tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS devices running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync (a backup and disaster recovery app), according to advisories [1, 2] published earlier today.
The heap-based buffer overflow in the SM2 cryptographic algorithm behind CVE-2021-3711 would likely lead to crashes but can also be abused by attackers for arbitrary code execution.