QNAP warns of bug that causes unlimited restarts
Taiwanese manufacturer QNAP has issued another safety warning to customers. Unpatched NAS devices can be crashed remotely due to an OpenSSL vulnerability – updates are not yet available, however. This is from a message from Bleeping Computer Online Magazine. “It has been reported that there is an infinite loop vulnerability in OpenSSL that affects certain QNAP NAS systems. By exploiting this vulnerability, attackers can perform denial-of-service attacks.” QNAP in a Security Alert “There is currently no workaround for this vulnerability. We recommend that users check for and install security updates as they become available.”
Devices are unusable
In the worst-case scenario, the OpenSSL bug can render the NAS devices useless because if an attacker crashes them, the devices try to reboot over and over in an endless loop. This vulnerability in OpenSSL, known as the “Infinite Loop Vulnerability”, is identified as a CVE-2022-077 and was published a few days ago. According to QNAP, most NAS devices suffer from severe OpenSSL bugs. The company is still working on customizing a security update to OpenSSL for its software. However, no update has been released by QNAP so far. According to the company, the vulnerability affects devices running multiple versions of QTS, QuTS Hero, and QuTScloud, including:
Affected Systems
- QTS 5.0.x and above
- QTS 4.5.4 and later versions
- QTS 4.3.6 and above
- QTS 4.3.4 and above
- QTS 4.3.3 and above
- QTS 4.2.6 and above
- QuTS hero h5.0.x and above
- QuTS hero h4.5.4 and above
- QuTScloud c5.0.x
Digital marketing enthusiast and industry professional in Digital technologies, Technology News, Mobile phones, software, gadgets with vast experience in the tech industry, I have a keen interest in technology, News breaking.
