Security News > 2023 > January > QNAP fixes critical bug letting hackers inject malicious code
QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices.
"A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code,' warns the QNAP security advisory."
QNAP released a JSON file describing the severity of the vulnerability, which indicates it is exploitable in low-complexity attacks by remote attackers, without requiring user interaction or privileges on the targeted device.
QNAP users may download the update from QNAP's Download Center after selecting the correct product type and model and applying it manually on their devices.
Due to the flaw's severity, users are recommended to apply available security updates as soon as possible, as threat actors actively target QNAP vulnerabilities.
QNAP devices are already the target of ongoing ransomware campaigns known as DeadBolt and eCh0raix, which are known to abuse vulnerabilities to encrypt data on exposed NAS devices.