Surge in Attention Towards Critical Vulnerabilities in QNAP QTS and NAS Services (CVE-2023-23368, CVE-2023-23369)


QNAP recently published advisories for two critical command injection vulnerabilities, tracked as CVE-2023-23368 and CVE-2023-23369. These vulnerabilities affect the QTS operating system, QuTS hero, QuTScloud, and several other applications on QNAP NAS (Network-Attached Storage) devices.

The vulnerabilities were disclosed in QNAP’s advisory on November 4, 2023, and since then, there have been observations of increased activity related to them.

“There is no surprise here: an anomalous increase in interest in QNAP due to the recently announced critical vulnerabilities (CVE-2023-23369, CVE-2023-23368),” @NTKramer on X states.

Read more…