Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023
Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
September 18, 2023Severity Medium Analysis Summary Lumma is an information stealer that is sold as a Malware-as-a-Service (MaaS) on Russian-speaking underground forums and Telegram. Lumma is an information […]September 18, 2023Severity Medium Analysis Summary CVE-2023-4948 CVSS:4.3 WooCommerce CVR Payment Gateway Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing capability […]September 18, 2023Severity High Analysis Summary Microsoft has stated that a ransomware group working with an initial access broker has recently started using Microsoft Teams for their phishing […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Alert – Sodinokibi Ransomware – IoCs
December 8, 2020Rewterz Threat Alert – Spear Phishing Campaign Targeting Finance and Banking Industry
December 8, 2020
Severity
High
Analysis Summary
Network-attached storage (NAS) maker QNAP released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. Eight vulnerabilities have been patched today by QNAP that affect all QNAP NAS devices running vulnerable software.
Four vulnerabilities have been reported to affect earlier versions of QTS and QuTS hero.
CVE-2020-2495 & CVE-2020-2496: If exploited, these cross-site scripting vulnerabilities could allow remote attackers to inject malicious code in File Station.
CVE-2020-2497: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs.
CVE-2020-2498: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.
CVE-2020-2494: This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code.
CVE-2020-2493: Found in QNAP NAS running Multimedia Console, this cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code.
CVE-2020-2491: This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code.
CVE-2019-7198: Found in all QNAP NAS devices, this command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
Impact
- Cross-site Scripting
- Code Execution
- Command Injection
- Device Takeover
Remediation
These vulnerabilities have been fixed in the following versions: Update to latest patched versions.
QTS and QuTS hero. (Multiple Vulnerabilities)
- QuTS hero h4.5.1.1472 build 20201031 and later
- QTS 4.5.1.1456 build 20201015 and later
- QTS 4.4.3.1354 build 20200702 and later
- QTS 4.3.6.1333 build 20200608 and later
- QTS 4.3.4.1368 build 20200703 and later
- QTS 4.3.3.1315 build 20200611 and later
- QTS 4.2.6 build 20200611 and later
https://www.qnap.com/en/security-advisory/qsa-20-12
Music Station:
- QuTS hero h4.5.1: Music Station 5.3.13 and later
- QTS 4.5.1: Music Station 5.3.12 and later
- QTS 4.4.3: Music Station 5.3.12 and later
https://www.qnap.com/en/security-advisory/qsa-20-13
Multimedia Console:
- Update to 1.1.5 and later.
https://www.qnap.com/en/security-advisory/qsa-20-14
Photo Station:
- QTS 4.5.1: Photo Station 6.0.12 and later
- QTS 4.4.3: Photo Station 6.0.12 and later
- QTS 4.3.6: Photo Station 5.7.12 and later
- QTS 4.3.4: Photo Station 5.7.13 and later
- QTS 4.3.3: Photo Station 5.4.10 and later
- QTS 4.2.6: Photo Station 5.2.11 and later
https://www.qnap.com/en/security-advisory/qsa-20-15
QTS and QuTS hero: (command injection)
- QuTS hero h4.5.1.1472 build 20201031 and later
- QTS 4.5.1.1456 build 20201015 and later
- QTS 4.4.3.1354 build 20200702 and later