Synology, QNAP and TrueNAS have started patching and mitigating the vulnerabilities exploited recently at Pwn2Own Ireland 2024.
Participants earned a total of more than $1 million at the Pwn2Own Ireland 2024 hacking competition organized by Trend Micro’s Zero Day Initiative (ZDI) last week. White hat hackers successfully demonstrated exploit chains targeting cameras, printers, NAS devices, smart speakers, and smartphones.
Some of the vendors whose products were targeted during the competition went to work immediately after the researchers shared the details of their exploits, and a few of the more than 70 demonstrated flaws have already been patched.
Synology has published two advisories to inform customers that critical vulnerabilities exploited at Pwn2Own against its data storage products have been patched. Specifically, the vendor fixed remote code execution vulnerabilities in Photos for DSM and BeePhotos for BeeStation.
Synology product exploits earned participants a total of $260,000 at Pwn2Own.
QNAP on Monday released an advisory to inform customers that it has patched CVE-2024-50388, a critical OS command injection vulnerability in the HBS 3 Hybrid Backup Sync data backup and disaster recovery solution. The flaw can be exploited for remote command execution.
The security hole was reported by Viettel Cyber Security, the team that won Pwn2Own Ireland 2024 and earned a total of $205,000 for its exploits.
QNAP router and NAS product exploits earned participants $350,000, but much of the amount was paid out for exploit chains that targeted products from other vendors as well.
TrueNAS has also published an advisory to address Pwn2Own results. The company has started working on patches, but informed customers that the vulnerabilities were demonstrated against default, non-hardened installations, and that following the recommendations outlined in TrueNAS’s security guidance significantly reduces exposure.