Hackers Are Targeting a Three-Year Old Vulnerability in QNAP NAS Devices
Security News, September 2020
Recent attacks targeting QNAP Network Attached Storage devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say.
Analysis of the QNAP NAS vulnerability revealed that it resides in the CGI program /httpd/cgi-bin/authLogout.
"The problem is QPS_SID, QMS_SID and QMMS_SID does not filter special characters and directly calls the snprintf function to splice curl command string and calls the system function to run the string, thus making command injection possible," 360 Netlab explains.
"This release replaced the system function with qnap_exec, and the qnap_exec function is defined in the /usr/lib/libuLinux_Util.so.0. By using the execv to execute custom command, command injection has been avoided," the researchers say.
"We recommend that QNAP NAS users check and update their firmwares in a timely manner and also check for abnormal processes and network connections," the researchers say.
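The difference between the two patterns the researchers describe, as an added example that is neither QNAP's code nor 360 Netlab's: a value spliced with snprintf into a string that a shell parses, next to the same value passed as a single execv argument. `/bin/echo` stands in for the curl command, and the function names and the sample value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed value standing in for a request parameter (not a real session ID). */
static const char SAMPLE_SID[] = "abc;echo INJECTED";

/* fork + execv argv[0], capturing the child's stdout into out (NUL-terminated). */
static int run_capture(char *const argv[], char *out, size_t n) {
    int fds[2], status = 0;
    size_t off = 0; ssize_t r;
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO); close(fds[0]); close(fds[1]);
        execv(argv[0], argv);
        _exit(127);                       /* only reached if exec failed */
    }
    close(fds[1]);
    while (off + 1 < n && (r = read(fds[0], out + off, n - 1 - off)) > 0) off += (size_t)r;
    out[off] = '\0';
    close(fds[0]);
    waitpid(pid, &status, 0);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Before: the value is spliced into a string that /bin/sh parses, as system() does. */
int run_spliced(const char *sid, char *out, size_t n) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "/bin/echo sid=%s", sid);
    char *argv[] = { "/bin/sh", "-c", cmd, NULL };
    return run_capture(argv, out, n);
}

/* After: the value is one argv element handed to execv; no shell ever parses it. */
int run_argv(const char *sid, char *out, size_t n) {
    char arg[256];
    snprintf(arg, sizeof arg, "sid=%s", sid);
    char *argv[] = { "/bin/echo", arg, NULL };
    return run_capture(argv, out, n);
}

int main(void) {
    char a[256], b[256];
    run_spliced(SAMPLE_SID, a, sizeof a);
    run_argv(SAMPLE_SID, b, sizeof b);
    printf("spliced: %sargv:    %s", a, b);
}
```

In the spliced form the shell treats `;` as a command separator and runs a second command; in the argv form the same bytes reach the program as literal data.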