QNAP addresses a critical flaw impacting its NAS devices
QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that affects QNAP NAS devices. A remote attacker can exploit the vulnerability to inject malicious code on QNAP NAS devices. The flaw is easy to exploit without user interaction or privileges on the vulnerable device. The…
Synology, QNAP, WD Warn Users About Vulnerabilities Exploited at Hacking Contest
The vulnerabilities were disclosed at the Zero Day Initiative’s Pwn2Own Austin contest in November 2021, where participants earned more than $1 million for hacking routers, printers, smart spears, smartphones and network-attached storage (NAS) devices. The NAS exploits at Pwn2Own targeted WD devices, and they earned participants roughly $500,000. It turns out that at least half…
QNAP Extends Security Updates for Some EOL Devices
QNAP typically provides security updates for four years after a product has reached EOL status. The reason for that, the company says, is that some models may be technologically deprecated and may lack performance capabilities and operational memory, meaning that they may not receive updated drivers. However, due to evolving security threats targeting QNAP models,…
QNAP Warns of New Crypto-Mining Malware Targeting NAS Devices
The Taiwan-based company, which is well known for its NAS and professional network video recorder (NVR) solutions, on Tuesday urged users to take immediate action to keep their devices protected against the new threat. QNAP says it is currently investigating reports where attackers infect NAS appliances with a Bitcoin miner that can be identified by…
