Home » Technology » Internet » QNAP Warns Ransom Threats And Provides Updates

QNAP Warns Ransom Threats And Provides Updates

7 months ago Yasir Zeb

NAS manufacturer QNAP is warning customers about critical vulnerabilities that allow attackers to inject and execute commands remotely. Various versions of the QTS operating system and applications on its NAS devices are affected.

The Risk Is High

Updates are already being distributed, so users should urgently check whether they are already up to date. The update is highly recommended – one of the vulnerabilities received a risk rating of 9.8 out of 10.

QNAP devices have been the target of large-scale ransomware attacks several times in the past. A year ago, the Deadbolt ransomware gang exploited a zero-day vulnerability to encrypt NAS devices that were freely accessible on the Internet.

In order to avoid major problems, the following updates are available:

The first vulnerability is known as CVE-2023-23368 and has a critical severity score of 9.8 out of 10. It is a vulnerability that an attacker could exploit to execute commands over a network. The QTS versions affected by the vulnerability are QTS 5.0.x and 4.5.x, QuTS hero h5.0.x and h4.5.x, and QuTScloud c5.0.1.

Fixes are available in the following versions

  • QTS 5.0.1.2376 Build 20230421 and later
  • QTS 4.5.4.2374 Build 20230416 and later
  • QuTS hero h5.0.1.2376 Build 20230421 and later
  • QuTS hero h4.5.4.2374 Build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

The second vulnerability is listed as CVE-2023-23369 and has a severity of 9.0. It could also be exploited by a remote attacker and have the same effect as the first.

The QTS versions 5.1.x, 4.3.6, 4.3.4, 4.3.3 and 4.2.x, Multimedia Console 2.1.x and 1.4.x as well as Media Streaming Add-on 500.1.x and 500.0.x are affected.

Fixes are available in

  • QTS 5.1.0.2399 Build 20230515 and later
  • QTS 4.3.6.2441 Build 20230621 and later
  • QTS 4.3.4.2451 Build 20230621 and later
  • QTS 4.3.3.2420 Build 20230621 and later
  • QTS 4.2.6 Build 20230621 and later
  • Multimedia Console 2.1.2 (2023/05/04) and later
  • Multimedia Console 1.4.8 (2023/05/05) and later
  • Media Streaming Add-on 500.1.1.2 (2023/06/12) and later
  • Media Streaming Add-in 500.0.0.11 (2023/06/16) and later

To update QTS, QuTS hero, or QuTScloud, you must log in as an administrator and navigate to Control Panel > System > Firmware Update. Click on “Check for update” under “Live Update” to download and install the latest version. Updates are also available as manual downloads from the QNAP website.

Tags: , ,

More Stories

Brokewell Malware Discovered By Researchers Stealing Banking Details Of Users

3 weeks ago Yasir Zeb

The Ultimate Guide to PDF Combiner: Tools and Techniques

2 months ago Alexia Hope
YTMP3

Ytmp3: The Ultimate Tool for Converting YouTube Videos to Mp3

2 months ago Alexia Hope

Today’s Latest

Exynos Snapdragon

Exynos Vs Snapdragon Which Is Better In Performance?

4 days ago Yasir Zeb
xbox cloud

Xbox May Update Is Coming with Improved Cloud Gaming And PC app

4 days ago Yasir Zeb
iOS 17.5

Apple releases iOS 17.5 update and it’s all new

6 days ago Yasir Zeb
Bill Gates

Melinda Out Of Gates Foundation And Withdraws $12.5 Billion

6 days ago Yasir Zeb

Apple Not To Launch Touch MacBooks, Here Is Why

6 days ago Yasir Zeb

Can You Recover Compensation After a Fort Worth Car Accident if You Don’t Have a License?

6 days ago Alexia Hope
iPad Pro

Apple Apologises For Ad Campaign After a Backlash

1 week ago Yasir Zeb
Microsoft Store

Microsoft Own Android And iOS Store Coming In Weeks

1 week ago Research Snipers
Terry Flenory

The Legacy of Terry Flenory: A Journey Through Power, Crime, and Redemption

2 weeks ago Research Snipers
Pacman 30th anniversary

When Was the 30th Anniversary of Pac-Man: A Cultural Icon’s Enduring Legacy

2 weeks ago Yasir Zeb