Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 24, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
June 24, 2021Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 24, 2021Rewterz Threat Alert – DanaBot Trojan – Active IOCs
June 24, 2021Severity
High
Analysis Summary
CVE-2021-28800
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application.
Impact
- Command Injection
- Unauthorized Access
Affected Vendors
QNAP
Affected Products
- Certain QNAP NAS
Remediation
- Log on to QTS or QuTS hero as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
- QTS or QuTS hero downloads and installs the latest available update.
Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.