QNAP Fixes Several High-Severity Vulnerabilities in Its NAS Systems
QNAP has issued yet another slew of fixes for vulnerabilities affecting its NAS systems, including some rated “high” severity. If exploited, the flaws could let attackers fully take over compromised systems.
NAS systems are important because they are often used as backup systems, hosting personal and vital data. Because these systems usually run fully fledged operating systems, they tend to be more exposed and have a larger attack surface.
Four high-severity vulnerabilities (CVE-2020-2495, CVE-2020-2496, CVE-2020-2497 and CVE-2020-2498) affected QTS and QuTS hero, allowing remote attackers to inject malicious code in various components.
The other vulnerabilities (CVE-2020-2494, CVE-2020-2493, CVE-2020-2491) are cross-site scripting flaws that also let attackers inject malicious code in different modules, such as the Music Station, the Multimedia Console and the Photo Station.
QNAP has been issuing fixes in the past few months to deal with the numerous problems its NAS devices have faced. A couple of months ago, they had to fix a critical vulnerability related to Zerologon, which Iranian hackers are known to use.
In September, attackers hit NAS devices from QNAP with AgeLocker ransomware, prompting the developers to issue a new set of firmware updates.
In July, CISA and NCSC issued a joint advisory regarding a malware strain named QSnatch.
“The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe,” stated the advisory. “Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.”
In all situations, the most crucial measure users can take is to keep their systems updated to the latest version, including firmware.