QNAP Fixes Several High-Severity Vulnerabilities in Its NAS Systems
QNAP has issued yet another slew of fixes for vulnerabilities affecting their NAS systems, including some with a severity of “high.” If exploited, attackers could fully take over compromised systems.
NAS systems are important because they are often used as backup systems, hosting personal and vital data. Because these systems usually run fully fledged operating systems, they tend to be more exposed and have a larger attack surface.
Four high-severity vulnerabilities (CVE-2020-2495, CVE-2020-2496, CVE-2020-2497 and CVE-2020-2498) affected QTS and QuTS hero, allowing remote attackers to inject malicious code in various components.
The other vulnerabilities (CVE-2020-2494, CVE-2020-2493, CVE-2020-2491) are cross-site scripting flaws that also let attackers inject malicious code in different modules, such as Music Station, Multimedia Console and Photo Station.
QNAP has been issuing fixes in the past few months to deal with the numerous problems its NAS devices have faced. A couple of months ago, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use.
In September, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates.
In July, CISA and NCSC issued a joint advisory regarding a malware strain named QSnatch.
“The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe,” stated the advisory. “Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.”
In all situations, the most crucial measure users can take is to keep their systems updated to the latest version, including firmware.