Rewterz Threat Advisory – CVE-2023-39296 – QNAP, QTS, and QuTS hero Vulnerability

Rewterz Threat Alert – U.S. Infrastructure Targeted for 11 Months in Stealthy AsyncRAT Attacks – Active IOCs

January 9, 2024

Rewterz Threat Alert – “Stealc” – An Information Stealer Malware – Active IOCs

January 10, 2024

Rewterz Threat Advisory – CVE-2023-39296 – QNAP, QTS, and QuTS hero Vulnerability

Severity

High

Analysis Summary

CVE-2023-39296

QNAP QTS and QuTS hero are vulnerable to a denial of service, caused by a prototype pollution flaw. By sending a specially crafted request to override existing attributes, a remote attacker could exploit this vulnerability to cause the system to crash.

Impact

Denial of Service

Indicators Of Compromise

CVE

CVE-2023-39296

Affected Vendors

QNAP

Affected Products

QNAP QTS 5.1
QNAP QuTS hero h5.1

Remediation

Refer to QNAP Security Advisory for patch, upgrade or suggested workaround information.

QNAP Security Advisory

Rewterz Threat Alert – U.S. Infrastructure Targeted for 11 Months in Stealthy AsyncRAT Attacks – Active IOCs

Rewterz Threat Alert – “Stealc” – An Information Stealer Malware – Active IOCs

Rewterz Threat Advisory – CVE-2023-39296 – QNAP, QTS, and QuTS hero Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan