Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in QNAP NAS
Alerts

High-Severity Vulnerability in QNAP NAS

30 March 2023

QNAP is in the process of releasing security updates for its Linux-based network attached storage (NAS) devices to address a high-severity vulnerability (CVE-2023-22809). 

Successful exploitation of the vulnerability on devices using Sudo versions 1.8.0 through 1.9.12p1 could allow a local attacker to escalate privileges.

The vulnerability affects the following QNAP operating systems:

  • QTS

  • QuTS hero 

  • QuTScloud

  • QVP (QVR Pro appliances)

Users and administrators of affected product versions are advised to refer to QNAP's security advisory (https://www.qnap.com/en/security-advisory/qsa-23-11) and promptly update to the latest version as soon as it is available.

More information is available here:
https://www.bleepingcomputer.com/news/security/qnap-warns-customers-to-patch-linux-sudo-flaw-in-nas-devices/
https://www.qnap.com/en/security-advisory/qsa-23-11

Back to top