Security News > 2023 > March > QNAP warns customers to patch Linux Sudo flaw in NAS devices

QNAP warns customers to patch Linux Sudo flaw in NAS devices
2023-03-29 18:15

Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage devices against a high-severity Sudo privilege escalation vulnerability.

The vulnerability also affects the QTS, QuTS hero, QuTScloud, and QVP NAS operating systems, as QNAP revealed in a security advisory published on Wednesday.

While the company has addressed the flaw in the QTS and QuTS hero platforms, it's still working on providing QuTScloud and QVP security updates.

To update their QTS, QuTS hero, or QuTScloud, customers have to click the "Check for Update" option under the "Live Update" section after logging in as the admin user and going to Control Panel > System > Firmware Update.

Due to the flaw's severity, customers are advised to apply available security updates as soon as possible, as threat actors are known to actively target QNAP NAS security flaws.

Recent attacks targeting QNAP NAS devices include DeadBolt and eCh0raix ransomware campaigns that abuse vulnerabilities to encrypt data on Internet-exposed devices.


News URL

https://www.bleepingcomputer.com/news/security/qnap-warns-customers-to-patch-linux-sudo-flaw-in-nas-devices/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Linux 11 64 2532 1569 67 4232
Qnap 80 4 97 122 76 299