QNAP Fixes Several High-Severity Vulnerabilities in Its NAS Systems

Silviu STAHIE

December 15, 2020


QNAP has issued yet another slew of fixes for vulnerabilities affecting its NAS systems, including some with a severity of “high.” If exploited, the flaws could let attackers fully take over affected systems.

NAS systems are important because they are often used as backup systems, hosting personal and vital data. Because these systems usually run fully fledged operating systems, they tend to be more exposed and have a larger attack surface.

Four high-severity vulnerabilities affected QTS and QuTS hero (CVE-2020-2495, CVE-2020-2496, CVE-2020-2497 and CVE-2020-2498), allowing remote attackers to inject malicious code in various components.

The other vulnerabilities (CVE-2020-2494, CVE-2020-2493, CVE-2020-2491) are cross-site scripting flaws that also let attackers inject malicious code in different modules, like the Music Station, the Multimedia Console and the Photo Station.

QNAP has been issuing fixes in the past few months to deal with the numerous problems its NAS devices have faced. A couple of months ago, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use.

In September, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates.

In July, CISA and NCSC issued a joint advisory regarding a malware strain under the name of QSnatch.

“The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe,” stated the advisory. “Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.”

In all situations, the most crucial measure users can take is to keep their systems updated to the latest version, including firmware.
