Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
High
Network-attached storage (NAS) maker QNAP released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation. Eight vulnerabilities have been patched today by QNAP that affect all QNAP NAS devices running vulnerable software.
Four vulnerabilities have been reported to affect earlier versions of QTS and QuTS hero.
CVE-2020-2495 & CVE-2020-2496: If exploited, these cross-site scripting vulnerabilities could allow remote attackers to inject malicious code in File Station.
CVE-2020-2497: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in System Connection Logs.
CVE-2020-2498: If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration.
CVE-2020-2494: This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code.
CVE-2020-2493: Found in QNAP NAS running Multimedia Console, this cross-site scripting vulnerability in Multimedia Console allows remote attackers to inject malicious code.
CVE-2020-2491: This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code.
CVE-2019-7198: Found in all QNAP NAS devices, this command injection vulnerability allows attackers to execute arbitrary commands in a compromised application.
These vulnerabilities have been fixed in the following versions: Update to latest patched versions.
QTS and QuTS hero. (Multiple Vulnerabilities)
https://www.qnap.com/en/security-advisory/qsa-20-12
Music Station:
https://www.qnap.com/en/security-advisory/qsa-20-13
Multimedia Console:
https://www.qnap.com/en/security-advisory/qsa-20-14
Photo Station:
https://www.qnap.com/en/security-advisory/qsa-20-15
QTS and QuTS hero: (command injection)