NAS - Cyber Security Review

QNAP Fixes Several Vulnerabilities Affecting High-End NAS Devices

Posted onDecember 10, 2024December 11, 2024

QNAP has released fixes for several vulnerabilities affecting the QTS and QuTS hero operating systems. In addition to the three high severity vulnerabilities below, the security advisory also addresses two medium severity vulnerabilities and three low severity vulnerabilities. QuTS is Read More …

CVE-2023-47218: QNAP QTS and QuTS Hero Unauthenticated Command Injection (FIXED)

Posted onFebruary 13, 2024February 14, 2024

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS and QuTS hero. QTS is a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices, and QuTS Read More …

Critical PHP flaw exposes QNAP NAS devices to RCE attacks

Posted onJune 22, 2022

QNAP has warned customers today that most of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. “A vulnerability has been reported to affect PHP versions 7.1.x Read More …

QNAP ‘thoroughly investigating’ new DeadBolt ransomware attacks

Posted onJune 17, 2022June 19, 2022

Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. The company is urging users to update their NAS devices to the latest firmware version and Read More …

QNAP warns severe Linux bug affects most of its NAS devices

Posted onMarch 14, 2022

Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed ‘Dirty Pipe’ that allows attackers with local access to gain root privileges. The ‘Dirty Pipe’ security bug affects Read More …

QNAP NAS devices hit in surge of ech0raix ransomware attacks

Posted onDecember 27, 2021December 29, 2021

Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. The threat actor behind this particular malware intensified their activity about a week before Christmas, taking control of the Read More …

QNAP works on patches for OpenSSL bugs impacting its NAS devices

Posted onAugust 30, 2021August 31, 2021

Network-attached storage (NAS) maker QNAP is investigating and working on security updates to address remote code execution (RCE) and denial-of-service (DoS) vulnerabilities patched by OpenSSL last week. The security flaws tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS device running Read More …

New Mirai Variant Targets Zyxel Network-Attached Storage Devices

Posted onMarch 19, 2020March 23, 2020

As soon as the proof-of-concept (PoC) for CVE-2020-9054 was made publicly available last month, this vulnerability was promptly abused to infect vulnerable versions of Zyxel network-attached storage (NAS) devices with a new Mirai variant – Mukashi. Mukashi brute forces the logins using Read More …