The Taiwanese vendor QNAP has released security updates to fix eight vulnerabilities that could be exploited by attackers to over unpatched NAS devices.
The high-severity vulnerabilities tracked as CVE-2020-2495, CVE-2020-2496, CVE-2020-2497, and CVE-2020-2498 are cross-side-scripting flaws that could allow remote attackers to inject malicious code in File Station, to inject malicious code in System Connection Logs, and to inject malicious code in certificate configuration.
Other high severity issues fixed by the vendor are:
- CVE-2020-2493 – Cross-site Scripting Vulnerability in Multimedia Console
- CVE-2020-2491 – Cross-site Scripting Vulnerability in Photo Station