[Discussion] dangerous exploits which are already well know because of the damn old nginx version
Posted: 10 Jun 2025, 00:15
I have a NAS F2-423 with the tos version 6.0.694...I'm very satisfied, especially with the support and service. I recently ran a simple Nmap vulnerable scan and was shocked at the number of vulnerabilities, some of which are publicly known and can be prevented with newer versions of certain services.
Nginx 1.18.0-vulnerabilities (CVEs wie CVE-2022-41741, CVE-2021-23017, CVE-2023-44487
Python 3.10.12-vulnerabilities (CVEs wie CVE-2024-7592, CVE-2024-6232 etc.).this are very highly dangerous exploits which you can check here: https://www.cve.org/CVERecord/SearchRes ... -2024-3094... there you can search for the mentioned ones .
the python vulnerabilty didnt exist in the 5.x version and i see it now with the tos version 6.... its not that much work to deliver a much higher sequrity which is a big thing especially for a nas.pleasae do a up to date version of nginx as soon as possible ..i did alreaday sent a few screenshot of my nmap results to the support and hope they will do the needed changes....as long i cant let my upnp open and need to close all the well beloved services of the nas to not get easily malware installed.
wish you all the best and am still a fan of tnas
cookiehacker
Nginx 1.18.0-vulnerabilities (CVEs wie CVE-2022-41741, CVE-2021-23017, CVE-2023-44487
Python 3.10.12-vulnerabilities (CVEs wie CVE-2024-7592, CVE-2024-6232 etc.).this are very highly dangerous exploits which you can check here: https://www.cve.org/CVERecord/SearchRes ... -2024-3094... there you can search for the mentioned ones .
the python vulnerabilty didnt exist in the 5.x version and i see it now with the tos version 6.... its not that much work to deliver a much higher sequrity which is a big thing especially for a nas.pleasae do a up to date version of nginx as soon as possible ..i did alreaday sent a few screenshot of my nmap results to the support and hope they will do the needed changes....as long i cant let my upnp open and need to close all the well beloved services of the nas to not get easily malware installed.
wish you all the best and am still a fan of tnas
cookiehacker