Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

Two critical zero-day bugs affect legacy QNAP Systems storage hardware and expose devices to remote unauthenticated attackers.
A patch for the now-retired QNAP model TS-231 NAS device, first released in 2015, is scheduled to be released within weeks, QNAP representatives told Threatpost.
Patches for current-model QNAP devices need to be downloaded from the QNAP download center and applied manually.
QNAP would not specifically say how many additional legacy NAS devices may be impacted.
The company, in a statement to Threatpost, said: "There are many hardware models of NAS in QNAP. In the list, you can find the models, the period of hardware repair or replacement, the supported OS and App updates and maintenance and the status of technical support and security updates. Most of the models, the security update could be upgraded to the latest version, i.e. QTS 4.5.2. However, some old hardware models have limits of firmware upgrade. For example, TS-EC1679U-SAS-RP could support only the legacy QTS 4.3.4."
QNAP said a fix for supported hardware can be downloaded from the QNAP App Center and is identified as Multimedia Console 1.3.4.
News URL
https://threatpost.com/qnap-nas-devices-zero-day-attack/165165/