Colin Mc Hugo

0 %
Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

QNAP Advises Users to Update NAS Firmware to Patch Apache HTTP Vulnerabilities

April 22, 2022

Network-attached storage space (NAS) home appliance manufacturer QNAP on Thursday claimed it’s examining its schedule for prospective influence emerging from 2 safety and security susceptabilities that were dealt with in the Apache HTTP web server last month.

The important defects, tracked as CVE-2022-22721 and CVE-2022-23943, are ranked 9.8 for extent on the CVSS racking up system as well as influence Apache HTTP Web server variations 2.4.52 as well as earlier –

  • CVE-2022-22721 – Feasible barrier overflow with huge or limitless LimitXMLRequestBody
  • CVE-2022-23943 – Out-of-bounds Compose susceptability in mod_sed of Apache HTTP Web Server

Both the susceptabilities, together with CVE-2022-22719 as well as CVE-2022-22720, were remediated by the job maintainers as component of version 2.4.53, which was delivered on March 14, 2022.


” While CVE-2022-22719 as well as CVE-2022-22720 do not impact QNAP items, CVE-2022-22721 impacts 32-bit QNAP NAS versions, as well as CVE-2022-23943 impacts individuals that have actually made it possible for mod_sed in Apache HTTP Web Server on their QNAP tool,” the Taiwanese firm said in a sharp released today.

In the lack of easily offered safety and security updates, QNAP has actually supplied workarounds, consisting of “maintaining the default worth ‘1M’ for LimitXMLRequestBody” as well as disabling mod_sed, including that the mod_sed attribute is disabled by default in Apache HTTP Web server on NAS tools running the QTS os.

The advisory comes virtually a month after it revealed that it’s functioning to settle a boundless loophole susceptability in OpenSSL (CVE-2022-0778, CVSS rating: 7.5) as well as launched spots for the Dirty Pipeline Linux defect (CVE-2022-0847, CVSS rating: 7.8).

Posted in SecurityTags:
Write a comment