QNAP Urges Users to Patch Critical Security Flaws in NAS Devices
- QNAP disclosed critical auth bypass, command injection, and SQL injection flaws in its NAS devices and software
- The auth bypass flaw allows unauthorized remote access without authentication
- Impacts various QTS, QuTS hero, QuTScloud, and myQNAPcloud versions
- Users should update to the listed patched versions
- NAS devices often store sensitive data and are common targets for attacks and extortion