Security News > 2021 > April > Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers.
A patch for the now-retired QNAP model TS-231 NAS device, first released in 2015, is scheduled to be released within weeks, QNAP representatives told Threatpost.
Patches for current model QNAP devices need to be downloaded from the QNAP download center and applied manually.
QNAP would not specifically say how many additional legacy NAS devices may be impacted.
The company, in a statement to Threatpost said: "There are many hardware models of NAS in QNAP. In the list, you can find the models, the period of hardware repair or replacement, the supported OS and App updates and maintenance and the status of technical support and security updates. Most of the models, the security update could be upgraded to the latest version, i.e. QTS 4.5.2. However, some old hardware models have limits of firmware upgrade. For example, TS-EC1679U-SAS-RP could support only the legacy QTS 4.3.4.".
QNAP said a fix for supported hardware can be downloaded from the QNAP App Center and is identified as Multimedia Console 1.3.4.
News URL
https://threatpost.com/qnap-nas-devices-zero-day-attack/165165/
Related news
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- EncryptHub linked to MMC zero-day attacks on Windows systems (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- Google fixes Android zero-days exploited in attacks, 60 other flaws (source)