French cyber agencies and authorities are warning of critical security vulnerabilities in various Qnap products. Corrected, the flaws affected network attached storage (NAS) server software.
The Taiwanese company Qnap, specializing in network storage products, has just had serious security concerns, with several major vulnerabilities in its solutions. The problem is also serious enough for Cybermalveillance.gouv.fr to launch, this Monday, May 13, 2024, a CyberAlert, a system intended to raise awareness among individuals, communities and businesses of a critical flaw. So what happened and how can you avoid being exposed to cyber risk?
Qnap NAS server software hit by major vulnerabilities
In recent weeks, multiple vulnerabilities have been identified in Qnap products. Several network attached storage (NAS) server software from the brand have been exposed to cyber risk, presenting flaws of a certain severity, which can go up to the “high” threshold, even “critical” for one of them. ‘between them. Here is the list of affected systems:
- QTS 5.x, 4.5.x
- QuTS hero h5.x, h4.5.x
- QuTScloud c5.x
- myQNAPcloud 1.0.x
- myQNAPcloud Link 2.4.x
- Media Streaming Add-on 500.1.x.
Cyber authorities, including ANSSI, the National Information Systems Security Agency, specify that these vulnerabilities could lead a malicious individual to take remote control of the equipment concerned. The risks of theft, espionage or even destruction of confidential data are also very real.
Only one way to protect yourself: update
Hackers can easily exploit these various vulnerabilities and risks, such as breach of data confidentiality, remote arbitrary code execution and security policy circumvention, to carry out massive attacks against systems today. ‘now vulnerable.
The company, which has since corrected these, now invites all people and entities who use its software and servers to update them as quickly as possible.
Sources: Cybermalveillance.gouv.fr, ANSSI
4