Vulnerability in QNAP Malware Remover Allows Attacker to Execute Commands on NAS

A vulnerability in the Malware Remover from NAS manufacturer QNAP allows attackers to remotely execute arbitrary commands on the device. QNAP has released a security update to address the vulnerability.

The Malware Remover is a QNAP tool for removing malware from NAS systems. It has a real anti-virus database to detect and remove the various malware for QNAP NAS systems. The security tool is vulnerable to command injection, which could allow an attacker to remotely execute commands on the device.

The vulnerability, identified as CVE-2020-36198 , is present in Malware Remover 4.x and fixed in Malware Remover and later. Version 3.x of the tool is not vulnerable. Further details about the vulnerability, such as how an attacker could exploit it, are not provided.

Previous Post Next Post