Security News > 2023 > March > QNAP warns customers to patch Linux Sudo flaw in NAS devices
Taiwanese hardware vendor QNAP warns customers to secure their Linux-powered network-attached storage devices against a high-severity Sudo privilege escalation vulnerability.
The vulnerability also affects the QTS, QuTS hero, QuTScloud, and QVP NAS operating systems, as QNAP revealed in a security advisory published on Wednesday.
While the company has addressed the flaw in the QTS and QuTS hero platforms, it's still working on providing QuTScloud and QVP security updates.
To update their QTS, QuTS hero, or QuTScloud, customers have to click the "Check for Update" option under the "Live Update" section after logging in as the admin user and going to Control Panel > System > Firmware Update.
Due to the flaw's severity, customers are advised to apply available security updates as soon as possible, as threat actors are known to actively target QNAP NAS security flaws.
Recent attacks targeting QNAP NAS devices include DeadBolt and eCh0raix ransomware campaigns that abuse vulnerabilities to encrypt data on Internet-exposed devices.
News URL
Related news
- QNAP fixes NAS backup software zero-day exploited at Pwn2Own (source)
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices (source)
- QNAP pulls buggy QTS firmware causing widespread NAS issues (source)
- QNAP addresses critical flaws across NAS, router software (source)