Security News > 2020 > December > QNAP patches QTS vulnerabilities allowing NAS device takeover

QNAP patches QTS vulnerabilities allowing NAS device takeover
2020-12-07 09:10

Network-attached storage maker QNAP today released security updates to address vulnerabilities that could enable attackers to take control of unpatched NAS devices following successful exploitation.

The eight vulnerabilities patched today by QNAP affect all QNAP NAS devices running vulnerable software.

QuTS hero h4.5.1.1472 build 20201031 and later QTS 4.5.1.1456 build 20201015 and later QTS 4.4.3.1354 build 20200702 and later QTS 4.3.6.1333 build 20200608 and later QTS 4.3.4.1368 build 20200703 and later QTS 4.3.3.1315 build 20200611 and later QTS 4.2.6 build 20200611 and later.

QNAP warned customers in September of ongoing attacks targeting publicly exposed NAS devices with AgeLocker ransomware by exploiting older and vulnerable versions of Photo Station.

In an August report, Qihoo 360's Network Security Research Lab said that hackers were also scanning for vulnerable NAS devices and trying to exploit a remote code execution firmware vulnerability addressed by QNAP in July 2017.


News URL

https://www.bleepingcomputer.com/news/security/qnap-patches-qts-vulnerabilities-allowing-nas-device-takeover/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 80 4 97 122 76 299