QNAP has released fixes for medium-severity flaws affecting QTS and QuTS hero on NAS appliances, including vulnerabilities like incorrect permission assignment, double free vulnerability, and buffer overflow vulnerabilities. The vulnerabilities, discovered by Aliz Hammond from WatchTowr Labs, could lead to code execution on the network-attached storage devices. The patches have been rolled out for QTS 5
1.x and QuTS hero h5.1.x, addressing issues such as CVE-2024-21902, CVE-2024-27127, CVE-2024-27128, CVE-2024-27129, and CVE-2024-27130. QNAP has taken steps to enhance security measures and is dedicated to collaborating with researchers globally. It is recommended that users promptly update to the latest versions of QTS and QuTS hero to mitigate potential cybersecurity threats. ```https://thehackernews.com/2024/05/qnap-patches-new-flaws-in-qts-and-quts.html