Do you have a QNAP NAS? Quickly fix this big flaw

QNAP, the Taiwan-based NAS manufacturer, has announced that it has identified and fixed a major security flaw in some of its devices.

However, users are advised to update their NAS firmware quickly, before hackers take advantage of it.

NAS, particularly targeted devices

NAS are private storage devices connected to a network, which is very useful for storing your data without having to worry that other people can access it. In other words, they often contain private or sensitive data. They are therefore particularly targeted by ransomware hackers, who encrypt data before demanding a sum of money.

We better understand the eagerness of QNAP, which announced on Monday that it had corrected a security flaw evaluated at 9.8/10. This vulnerability allows hackers to easily inject malicious code, and thus operate on the NAS remotely without the administrator being able to do much about it. Affected customers, i.e. those running QTS 5.0.1 and QuTS hero h5.0.1, are therefore advised to update the firmware to at least QTS 5.0.1.2234 build 20221201 or QuTS hero h5.0.1.2248 and build 20221215.

Many devices still vulnerable

Shortly after the patches went live, security researchers at Censys wanted to take stock. And as much to say that the case is not settled, since of the 29,968 hosts identified, only 557 had been updated as of January 31. This means that a large number of NAS designed by QNAP are still vulnerable to attacks. If you have one of the affected devices, head into settings and run an update check to help protect yourself.

The situation worries in particular Mark Ellzey, principal researcher in security, who fears that the flaw will be shared and therefore very quickly exploited by hackers: “ If the exploit is published […], it could cause trouble for thousands of QNAP users. Everyone should update their QNAP devices immediately to be safe from future ransomware campaigns. »

Source : BleepingComputer