Yet more critical NAS security bugs have been uncovered

QNAP assures that it’s working on a fix


Two security vulnerabilities in the firmware of QNAP’s Network-Attached Storage (NAS) devices, which were brought to its attention late last year, have yet to be fixed in legacy devices, reports have claimed.

NAS devices by the Taiwanese vendor have proved a popular target for hackers, who actively seek out vulnerabilities to target products that are accessible over the internet.

The tardiness in addressing these critical vulnerabilities is uncharacteristic, as QNAP has been quick to mitigate the recent spate of attacks, from fixing a cross-site scripting vulnerability to issuing patches to neutralize malware that used the NAS device to mine cryptocurrency.


“We reported both vulnerabilities to QNAP with a 4-month grace period to fix them. Unfortunately, as of the publishing of this article, the vulnerabilities have not yet been fixed,” researchers at home security firm SAM Seamless Network noted.

Critical vulnerabilities


In the post, SAM claims the vulnerabilities are “severe in nature” and were shared with QNAP on October 12, 2020, and on November 29, 2020.

One of them is a Remote Code Execution (RCE) vulnerability that impacts any QNAP device connected to the Internet, while the other is an arbitrary file write vulnerability that exists in the DLNA server on the NAS devices.

In an email to SAM, QNAP has clarified that both issues have already been fixed for newer QNAP models that run the latest version of the firmware.


However, QNAP argues that, given the nature of the vulnerabilities, it is still working on a fix for legacy devices, which should be available in the next few weeks.

Via: The Register

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
