QNAP works on patches for OpenSSL bugs impacting its NAS devices
2021-08-30 18:21

Network-attached storage maker QNAP is investigating and working on security updates to address remote code execution and denial-of-service vulnerabilities patched by OpenSSL last week.

The security flaws, tracked as CVE-2021-3711 and CVE-2021-3712, impact QNAP NAS devices running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync, according to advisories [1, 2] published earlier today.

While the OpenSSL development team published OpenSSL 1.1.1l to address the flaws a week ago, on August 24, QNAP did not provide an estimated time of arrival for incoming security updates.

Last week, Taiwan-based NAS maker Synology also said multiple models in its NAS line are affected by the same two security flaws.

Earlier this month, Palo Alto Networks' Unit 42 revealed that a newly discovered eCh0raix ransomware variant had added support for encrypting both QNAP and Synology NAS devices.

One month earlier, QNAP fixed a critical HBS 3 security vulnerability that enabled attackers to escalate privileges, read sensitive info without authorization, or execute commands remotely.


News URL

https://www.bleepingcomputer.com/news/security/qnap-works-on-patches-for-openssl-bugs-impacting-its-nas-devices/

Related Vulnerability

DATE: 2021-08-24
CVE: CVE-2021-3712
VULNERABILITY TITLE: Out-of-bounds Read vulnerability in multiple products
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length.
RISK: 7.4

DATE: 2021-08-24
CVE: CVE-2021-3711
VULNERABILITY TITLE: Classic Buffer Overflow vulnerability in multiple products
In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt().
network, low complexity
openssl, debian, netapp, oracle, tenable
CWE-120
RISK: critical, 9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Qnap 96 16 126 133 34 309
Openssl 2 12 92 51 16 171