QNAP Fixes Several High-Severity Vulnerabilities in Its NAS Systems

Silviu STAHIE

December 15, 2020

QNAP has issued yet another slew of fixes for vulnerabilities affecting its NAS systems, including some with a severity of “high.” If exploited, these flaws could let attackers fully take over compromised systems.

NAS systems are important because they are often used as backup systems, hosting personal and vital data. Because these systems usually run fully fledged operating systems, they tend to be more exposed and have a larger attack surface.

Four high-severity vulnerabilities affected QTS and QuTS hero (CVE-2020-2495, CVE-2020-2496, CVE-2020-2497 and CVE-2020-2498), allowing remote attackers to inject malicious code in various components.

The other vulnerabilities (CVE-2020-2494, CVE-2020-2493, CVE-2020-2491) are all cross-site scripting flaws that also let attackers inject malicious code in different modules, like the Music Station, the Multimedia Console and the Photo Station.

QNAP has been issuing fixes in the past few months to deal with the numerous problems its NAS devices have faced. A couple of months ago, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use.

In September, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates.

In July, CISA and NCSC issued a joint advisory regarding a malware strain under the name of QSnatch.

“The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe,” stated the advisory. “Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.”

In all situations, the most crucial measure users can take is to keep their systems updated to the latest version, including firmware.
