Taipei, Taiwan, October 30, 2024 – QNAP® Systems, Inc., a leading computing, networking, and storage solution innovator, is grateful to have participated in Pwn2Own Ireland 2024, an event that brings together the world’s top security researchers to drive advancements in product security. In response to the insights gained, QNAP promptly issued fixes for the identified vulnerabilities, demonstrating its commitment to swift action.

QNAP has shared information on the identified vulnerabilities and the corresponding fixes developed for QNAP NAS.

QNAP security patches arising from Pwn2Own 2024:

• [QSA-24-41] Vulnerability in HBS 3 Hybrid Backup Sync (PWN2OWN 2024)
  https://www.qnap.com/go/security-advisory/qsa-24-41
  

• [QSA-24-42] Vulnerability in SMB Service (PWN2OWN 2024)
  https://www.qnap.com/go/security-advisory/qsa-24-42

For this year’s Pwn2Own, QNAP provided broader event support by expanding its sponsorship to include both NAS and router categories. QNAP also sent its Product Security Incident Response Team (PSIRT) from headquarters to Cork, Ireland, where they collaborated closely with top security researchers. This on-site presence enabled real-time engagement and quick feedback, facilitating a swift response to vulnerabilities.

QNAP encourages all users to apply the latest updates and remain informed of Security Advisories available on the QNAP website.