威聯通修補路由器OS與NAS加值軟體重大漏洞
支付動態 · 2024-11-26
上週威聯通(QNAP)發布資安公告,其中最值得留意的是,NAS協作應用程式Notes Station 3、路由器作業系統QuRouter存在重大層級的漏洞,相當危險,用戶應儘速套用相關更新
11月23日臺灣網路設備業者威聯通(QNAP)發布資安公告,針對旗下產品修補超過30項漏洞,其中,路由器作業系統QuRouter、NAS協作應用程式Notes Station 3存在重大層級漏洞,相當值得留意。
根據CVSS風險評分,最嚴重的是CVE-2024-48860,此漏洞出現於QuRouter,為作業系統命令注入漏洞,一旦攻擊者成功利用,就有機會遠端執行命令,4.0版CVSS評分為9.5。
另外2個重大漏洞CVE-2024-38643、CVE-2024-38645,出現在Notes Station 3,其中較嚴重的是CVE-2024-38645,此為伺服器請求偽造(SSRF)漏洞,若是攻擊者成功利用漏洞,有機會在通過身分驗證的情況下,遠端讀取應用程式資料,風險值為9.4。
至於CVE-2024-38643則與重要功能缺乏身分驗證有關,一旦攻擊者觸發漏洞,就可能遠端存取並執行特定的功能,CVSS風險為9.3。
Popular articles
Brazil Proposes Raising Gambling Tax Rate to 24%, With Revenue Allocated to Social Security and Healthcare
Regulation
Indiana online casino bill stalls in House committee
Regulation
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Vietnam's tightening online gaming policy creates new market opportunities
Southeast Asia
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
British gambling levy rates confirmed for each vertical
Regulation
Kazakhstan plans to penalise online casino promotions
Regulation
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
UK MPs reopen 2025 gambling inquiry as reform stalls
Regulation
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
