Security News > 2021 > April > Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers.
A patch for the now-retired QNAP model TS-231 NAS device, first released in 2015, is scheduled to be released within weeks, QNAP representatives told Threatpost.
Patches for current model QNAP devices need to be downloaded from the QNAP download center and applied manually.
QNAP would not specifically say how many additional legacy NAS devices may be impacted.
The company, in a statement to Threatpost said: "There are many hardware models of NAS in QNAP. In the list, you can find the models, the period of hardware repair or replacement, the supported OS and App updates and maintenance and the status of technical support and security updates. Most of the models, the security update could be upgraded to the latest version, i.e. QTS 4.5.2. However, some old hardware models have limits of firmware upgrade. For example, TS-EC1679U-SAS-RP could support only the legacy QTS 4.3.4.".
QNAP said a fix for supported hardware can be downloaded from the QNAP App Center and is identified as Multimedia Console 1.3.4.
News URL
https://threatpost.com/qnap-nas-devices-zero-day-attack/165165/
Related news
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- QNAP patches second zero-day exploited at Pwn2Own to get root (source)
- Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Critical bug in EoL D-Link NAS devices now exploited in attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)
- Apple Patches Two Zero-Day Attack Vectors (source)