Security News > 2020 > September > Hackers Are Targeting a Three-Year Old Vulnerability in QNAP NAS Devices
Recent attacks targeting QNAP Network Attached Storage devices were attempting to exploit a vulnerability that was addressed in July 2017, 360 Netlab security researchers say.
Analysis of the QNAP NAS vulnerability revealed that it resides in the CGI program /httpd/cgi-bin/authLogout.
"The problem is QPS SID, QMS SID and QMMS SID does not filter special characters and directly calls the snprintf function to splice curl command string and calls the system function to run the string, thus making command injection possible," 360 Netlab explains.
"This release replaced the system function with qnap exec, and the qnap exec function is defined in the /usr/lib/libuLinux Util.so.0. By using the execv to execute custom command, command injection has been avoided," the researchers say.
"We recommend that QNAP NAS users check and update their firmwares in a timely manner and also check for abnormal processes and network connections," the researchers say.