A benchmark test uncovered some critical vulnerabilities in thousands of QNAP devices

Tens of thousands of internet-connected QNAP devices were found to be carrying two severe vulnerabilities which could have allowed threat actors to execute arbitrary code.

Cybersecurity researchers from Sternum used their runtime protection benchmark product on QNAP TS-230 NAS device, and as soon as the product was activated, it started alerting the researchers to “multiple memory access violations”. 

“In this case, the reason for the alert was multiple out-of-bounds read and write requests, performed by several memcpy functions,” the researchers explained.

Out of bounds issues

Detailing their findings, the researchers said that in the source file api-cpp, the int iface_status2interface_status function contained a memcpy call with a constant size of 46, but as the source string content for the call was an IPv6 address (which can have 39 bytes max), this leads to a potential out-of-bounds (OOB) issue. 

Furthermore, the NetworkInterface.cpp source file has the get_interface_slaac_info function with four memcpy calls with the copy size 46, which copies JSON values from buffers returned by Json::Value::asCString. The string buffers were often shorter than 46, the researcher said, which causes potential OOB issues in all four memcpy calls.

After notifying QNAP of their findings, the company acknowledged the issues and released two CVEs: CVE-2022-27597, and CVE-2022-27598. These show that the flaws affected four operating systems:  QTS, QuTS hero, QuTScloud, and QVP (QVR Pro appliances). The severity scores for these two vulnerabilities have not yet been assigned. 

By conservative estimate, Sternum says, more than 80,000 connected devices worldwide are affected by these two zero-day vulnerabilities. 

The patch that QNAP released already fixed the flaws in QTS 5.0.1.2346 build 20230322 (and later), and QuTS hero h5.0.1.2348 build 20230324 (and later).



from TechRadar - All the latest technology news https://ift.tt/VDxd5C2
Share:

No comments:

Post a Comment

Categories

Rove Reviews Youtube Channel

  1. Subscribe to our youtube channel
  2. Like our videos and share them too.
  3. Our youtube channel name Rove reviews.

WITNUX

This website is made by Witnux LLC. This website provides you with all the news feeds related to technology from large tech media industries like GSM Arena, NDTV, Gadgets 360, Firstpost and many other such ates altogether at technical depicts so that you need not go to several sites to view their post provide you advantantage of time.

From the developer
Tanzeel Sarwar

OUR OTHER NETWORKS

OUR YOUTUBE CHANNEL

ROVE REVIEWS PLEASE SUBSCRIBE

OUR FACEBOOK PAGE

The Rove Reviews

Support

Trying our best to provide you the best DONATE or SUPPORTour site Contact me with details how are you gonna help us