{"id":4318,"date":"2023-02-01T10:08:36","date_gmt":"2023-02-01T09:08:36","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4318"},"modified":"2023-02-01T10:08:36","modified_gmt":"2023-02-01T09:08:36","slug":"qnap-nas-sql-kriticna-ranjivost","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/02\/01\/qnap-nas-sql-kriticna-ranjivost\/","title":{"rendered":"QNAP NAS SQL critical vulnerability"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">A critical <em>QNAP NAS SQL<\/em> vulnerability has forced <em>QNAP<\/em> to issue a new warning to users of <em>NAS<\/em> devices about a vulnerability that allows injection of arbitrary code.<\/span><\/p>\n<div id=\"attachment_4323\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4323\" class=\"size-full wp-image-4323\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/qnap-nas-sql.jpg\" alt=\"QNAP NAS SQL \" width=\"1024\" height=\"609\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/qnap-nas-sql.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/qnap-nas-sql-300x178.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/qnap-nas-sql-768x457.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/qnap-nas-sql-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4323\" class=\"wp-caption-text\">QNAP NAS SQL critical vulnerability, Design: Sa\u0161a \u0110uri\u0107<\/p><\/div>\n<p><span style=\"font-size: 14pt;\">The vulnerability is tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-27596\" target=\"_blank\" rel=\"noopener\"><em>CVE-2022-27596<\/em><\/a> (vulnerability score <em>CVSS 9.8<\/em>), an <em>SQL<\/em> injection flaw affecting <em>QuTS<\/em> hero and <em>QTS<\/em>, specifically devices running <em>QTS 5.0.1<\/em> and <em>QuTS 
hero h5.0.1<\/em>, as stated in the <a href=\"https:\/\/www.qnap.com\/en\/security-advisory\/qsa-23-01\" target=\"_blank\" rel=\"noopener\">company's advisory<\/a>. The vulnerability is easy to exploit and requires no user interaction or special user privileges.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>QNAP<\/em> has released an update and advises all users to update their <em>NAS<\/em> devices to <em>QTS 5.0.1.2234 build 20221201<\/em> or later, or <em>QuTS hero h5.0.1.2248 build 20221215<\/em> or later. Users are advised to apply these updates as soon as possible and without delay so that their devices are not <a href=\"https:\/\/sajberinfo.com\/en\/2022\/01\/26\/deadbolt-ransomware-napada-qnap-nas-uredjaje\/\" target=\"_blank\" rel=\"nofollow noopener\">infected with <em>ransomware<\/em><\/a> or other malicious software.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">The update procedure is as follows:<\/span><\/p>\n<ol>\n<li><span style=\"font-size: 14pt;\">Log in to the device with an administrator account.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Go to <em>Control Panel<\/em> &gt; <em>System<\/em> &gt; <em>Firmware Update<\/em>.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Under <em>Live Update<\/em>, select <em>Check for Update<\/em>.<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">Download and install the latest update.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-size: 14pt;\">Users can also download the update from the manufacturer's support site by going to <em>Support<\/em> &gt; <a href=\"https:\/\/www.qnap.com\/en\/download\" target=\"_blank\" rel=\"noopener\"><em>Download Center<\/em><\/a> and performing a manual update of the device.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 
14pt;\">Users are advised to disable direct access to <em>NAS<\/em> devices from the Internet and, for remote access, to <a href=\"https:\/\/sajberinfo.com\/en\/2021\/10\/17\/vpn-sigurno-mrezno-povezivanje\/\" target=\"_blank\" rel=\"nofollow noopener\">use a <em>VPN<\/em><\/a>.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>A critical QNAP NAS SQL vulnerability has forced QNAP to issue a new warning to users of NAS devices about a vulnerability that allows injection of arbitrary code. The vulnerability is tracked as CVE-2022-27596 (vulnerability score CVSS 9.8), which allows&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4323,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[132,133,233,126],"class_list":["post-4318","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-qnap","tag-ransomware","tag-sql","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4318","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4318"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4318\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4323"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4318"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4318"},{"taxonomy"
:"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4318"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}