![\"\"](\"https:\/\/www.ioiotimes.com\/wordpress\/wp-content\/uploads\/2024\/05\/20240523-qnap.jpg\" "\\"\\"")
<\/figure><\/div>\n\n\n<\/p>\n\n\n\n
\u89e3\u6c7a\u5831\u544a\u4e2d\u7684QTS\u5f31\u9ede<\/strong><\/p>\n\n\n\n \u6211\u5011\u611f\u8b1d\u5b89\u5168\u7814\u7a76\u4eba\u54e1\u5728\u8b58\u5225\u6211\u5011\u7522\u54c1\u6f5b\u5728\u5f31\u9ede\u65b9\u9762\u6240\u4f5c\u7684\u52aa\u529b\u3002\u5831\u544a\u4e2d\u7684 15 \u500b\u5f31\u9ede\uff0c\u6211\u5011\u5df2\u7d93\u70ba\u78ba\u8a8d\u7684\u5f31\u9ede\u6307\u6d3e\u4e86 CVE ID\u3002\u6240\u6709\u78ba\u8a8d\u7684\u5f31\u9ede\uff08CVE-2024-21902\uff0cCVE-2024-27127\uff0cCVE-2024-27128\uff0cCVE-2024-27129\uff0cCVE-2024-27130\uff09\u5df2\u65bc\u4eca\u65e5\uff08\u53f0\u5317\u6642\u9593 5 \u6708 21 \u65e5\uff09\u65bc\u6700\u65b0\u7684 QTS 5.1.7 \/ QuTS hero h5.1.7 \u53ef\u7528\u7248\u672c\u4e2d\u7372\u5f97\u89e3\u6c7a\u3002<\/p>\n\n\n\n \u8a73\u7d30\u5982\u4e0b\uff1a<\/p>\n\n\n\n <\/p>\n\n\n\n CVE-2024-27130\u5f31\u9ede<\/strong><\/p>\n\n\n\n WatchTowr ID WT-2023-0054 \u5831\u544a\u4e2d\u516c\u5e03\u7684 CVE-2024-27130 \u5f31\u9ede\u662f\u7531\u65bc\u5728 No_Support_ACL \u529f\u80fd\u4e2d\u4e0d\u5b89\u5168\u5730\u4f7f\u7528 ‘strcpy’ \u51fd\u6578\u6240\u81f4\uff0c\u8a72\u529f\u80fd\u88ab share.cgi script \u4e2d\u7684 get_file_size \u8acb\u6c42\u6240\u4f7f\u7528\u3002\u7576\u8207\u5916\u90e8\u7528\u6236\u5206\u4eab\u5a92\u9ad4\u6642\uff0c\u5c07\u4f7f\u7528\u6b64 script\u3002\u8981\u5229\u7528\u6b64\u5f31\u9ede\uff0c\u653b\u64ca\u8005\u9700\u8981\u6709\u6548\u7684 ‘ssid’ \u53c3\u6578\uff0c\u8a72\u53c3\u6578\u662f\u7576 NAS \u7528\u6236\u5f9e\u5176 QNAP \u8a2d\u5099\u5206\u4eab\u6a94\u6848\u6642\u751f\u6210\u7684\u3002<\/p>\n\n\n\n \u6211\u5011\u5e0c\u671b\u5411\u6211\u5011\u7684\u7528\u6236\u4fdd\u8b49\uff0c\u6240\u6709\u7684 QTS 4.x \u548c 5.x \u7248\u672c\u90fd\u555f\u7528\u4e86\u4f4d\u5740\u7a7a\u9593\u914d\u7f6e\u96a8\u6a5f\u8f09\u5165\uff08Address space layout randomization\uff0cASLR\uff09\u3002ASLR \u986f\u8457\u589e\u52a0\u4e86\u653b\u64ca\u8005\u5229\u7528\u6b64\u5f31\u9ede\u7684\u96e3\u5ea6\u3002\u56e0\u6b64\uff0c\u6211\u5011\u5c07\u5176\u56b4\u91cd\u6027\u8a55\u4f30\u70ba\u4e2d\u7b49\u3002\u5118\u7ba1\u5982\u6b64\uff0c\u6211\u5011\u5f37\u70c8\u5efa\u8b70\u7528\u6236\u7acb\u5373\u66f4\u65b0\u81f3 QTS 5.1.7 \/ QuTS hero h5.1.7\uff0c\u4ee5\u78ba\u4fdd NAS \u7cfb\u7d71\u53d7\u5230\u4fdd\u8b77\u3002<\/p>\n\n\n\n <\/p>\n\n\n\n \u5c0d\u5b89\u5168\u7684\u627f\u8afe<\/strong><\/p>\n\n\n\n QNAP PSIRT \u4e00\u76f4\u4ee5\u4f86\u7a4d\u6975\u5730\u8207\u5b89\u5168\u7814\u7a76\u4eba\u54e1\u5408\u4f5c\uff0c\u5c0d\u5f31\u9ede\u9032\u884c\u5206\u985e\u548c\u4fee\u5fa9\u3002\u5c0d\u65bc\u53ef\u80fd\u767c\u751f\u7684\u7522\u54c1\u767c\u5e03\u6642\u9593\u8868\u548c\u9019\u4e9b\u5f31\u9ede\u62ab\u9732\u4e4b\u9593\u7684\u5354\u8abf\u554f\u984c\uff0c\u6211\u5011\u6df1\u611f\u907a\u61be\u3002\u6211\u5011\u6b63\u5728\u63a1\u53d6\u63aa\u65bd\u6539\u9032\u6211\u5011\u7684\u6d41\u7a0b\u548c\u5354\u8abf\uff0c\u4ee5\u9632\u6b62\u985e\u4f3c\u554f\u984c\u518d\u6b21\u767c\u751f\u3002<\/p>\n\n\n\n \u672a\u4f86\uff0c\u5c0d\u65bc\u88ab\u5206\u985e\u70ba\u9ad8\u6216\u95dc\u9375\u56b4\u91cd\u6027\u7684\u5f31\u9ede\uff0c\u6211\u5011\u627f\u8afe\u5728 45 \u5929\u5167\u5b8c\u6210\u4fee\u5fa9\u4e26\u767c\u5e03\u4fee\u5fa9\u7a0b\u5f0f\u3002\u5c0d\u65bc\u4e2d\u7b49\u56b4\u91cd\u6027\u7684\u5f31\u9ede\uff0c\u6211\u5011\u5c07\u5728 90 \u5929\u5167\u5b8c\u6210\u4fee\u5fa9\u4e26\u767c\u5e03\u4fee\u5fa9\u7a0b\u5f0f\u3002<\/p>\n\n\n\n \u5c0d\u6b64\u53ef\u80fd\u5f15\u8d77\u7684\u4efb\u4f55\u4e0d\u4fbf\uff0c\u6211\u5011\u6df1\u8868\u6b49\u610f\uff0c\u4e26\u627f\u8afe\u4e0d\u65b7\u589e\u5f37\u6211\u5011\u7684\u5b89\u5168\u63aa\u65bd\u3002\u6211\u5011\u7684\u76ee\u6a19\u662f\u8207\u5168\u7403\u7684\u7814\u7a76\u4eba\u54e1\u5bc6\u5207\u5408\u4f5c\uff0c\u78ba\u4fdd\u6211\u5011\u7522\u54c1\u7684\u6700\u9ad8\u5b89\u5168\u54c1\u8cea\u3002<\/p>\n\n\n\n \u70ba\u4e86\u4fdd\u8b77\u60a8\u7684 NAS \u7cfb\u7d71\u8207\u8cc7\u6599\uff0c\u6211\u5011\u5efa\u8b70\u5b9a\u671f\u5c07\u7cfb\u7d71\u66f4\u65b0\u81f3\u6700\u65b0\u7248\u672c\u4ee5\u7372\u5f97\u6700\u65b0\u7684\u5f31\u9ede\u4fee\u5fa9\u3002\u60a8\u53ef\u4ee5\u67e5\u770b\u7522\u54c1\u652f\u63f4\u72c0\u614b<\/a>\u4e86\u89e3\u60a8\u7684 NAS \u578b\u865f\u7684\u6700\u65b0\u66f4\u65b0\u3002<\/p>\n\n\n\n <\/p>\n\n\n\n <\/p>\n\n\n\n \u5a01\u806f\u901a\u00ae\u79d1\u6280\uff08QNAP\uff09\u81f4\u529b\u65bc\u7dad\u8b77\u7522<\/p>\n","protected":false},"author":3,"featured_media":68941,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[13],"tags":[580,298,9716,146],"class_list":["post-68932","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-focus","tag-qnap","tag-watchtowr-labs","tag-146"],"_links":{"self":[{"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=\/wp\/v2\/posts\/68932"}],"collection":[{"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=68932"}],"version-history":[{"count":3,"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=\/wp\/v2\/posts\/68932\/revisions"}],"predecessor-version":[{"id":68942,"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=\/wp\/v2\/posts\/68932\/revisions\/68942"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=\/wp\/v2\/media\/68941"}],"wp:attachment":[{"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=68932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=68932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ioiotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=68932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\ud83d\udfe6\u73fe\u5728\u5c31\u52a0\u5165 ioioTIMES \u81c9\u66f8\u7c89\u7d72\u5718<\/a> \u66f4\u591a\u4e92\u52d5\u3001\u66f4\u591a\u597d\u5eb7\u650f\u62b5\u52a0!!<\/strong>
\ud83d\udfe6\u6211\u5011\u6709LINE TODAY<\/a>\u983b\u9053\u4e86\uff0c\u5feb\u4f86\u8ffd\u8e2a\u6211\u5011\u5427!!–\u6700\u65b0\u79d1\u6280\u65b0\u805e \u76e1\u5728\u4f60\u624b<\/strong><\/h4>\n","protected":false},"excerpt":{"rendered":"