Categories: Internet

QNAP Warns Ransom Threats And Provides Updates

NAS manufacturer QNAP is warning customers about critical vulnerabilities that allow attackers to inject and execute commands remotely. Various versions of the QTS operating system and applications on its NAS devices are affected.

The Risk Is High

Updates are already being distributed, so users should urgently check whether they are already up to date. The update is highly recommended – one of the vulnerabilities received a risk rating of 9.8 out of 10.

QNAP devices have been the target of large-scale ransomware attacks several times in the past. A year ago, the Deadbolt ransomware gang exploited a zero-day vulnerability to encrypt NAS devices that were freely accessible on the Internet.

In order to avoid major problems, the following updates are available:

The first vulnerability is known as CVE-2023-23368 and has a critical severity score of 9.8 out of 10. It is a vulnerability that an attacker could exploit to execute commands over a network. The QTS versions affected by the vulnerability are QTS 5.0.x and 4.5.x, QuTS hero h5.0.x and h4.5.x, and QuTScloud c5.0.1.

Fixes are available in the following versions

  • QTS 5.0.1.2376 Build 20230421 and later
  • QTS 4.5.4.2374 Build 20230416 and later
  • QuTS hero h5.0.1.2376 Build 20230421 and later
  • QuTS hero h4.5.4.2374 Build 20230417 and later
  • QuTScloud c5.0.1.2374 and later

The second vulnerability is listed as CVE-2023-23369 and has a severity of 9.0. It could also be exploited by a remote attacker and have the same effect as the first.

The QTS versions 5.1.x, 4.3.6, 4.3.4, 4.3.3 and 4.2.x, Multimedia Console 2.1.x and 1.4.x as well as Media Streaming Add-on 500.1.x and 500.0.x are affected.

Fixes are available in

  • QTS 5.1.0.2399 Build 20230515 and later
  • QTS 4.3.6.2441 Build 20230621 and later
  • QTS 4.3.4.2451 Build 20230621 and later
  • QTS 4.3.3.2420 Build 20230621 and later
  • QTS 4.2.6 Build 20230621 and later
  • Multimedia Console 2.1.2 (2023/05/04) and later
  • Multimedia Console 1.4.8 (2023/05/05) and later
  • Media Streaming Add-on 500.1.1.2 (2023/06/12) and later
  • Media Streaming Add-in 500.0.0.11 (2023/06/16) and later

To update QTS, QuTS hero, or QuTScloud, you must log in as an administrator and navigate to Control Panel > System > Firmware Update. Click on “Check for update” under “Live Update” to download and install the latest version. Updates are also available as manual downloads from the QNAP website.

Share
Published by
Yasir Zeb

Recent Posts

Google Health: A bug is currently really annoying Pixel Watch users

An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…

6 hours ago

Pixel Watch 5: Leak shows the design of the new Google smartwatch in advance

After the new Google smartphones in the Pixel 11 series, official marketing images of the…

6 hours ago

Epson is in court: first lawsuit over planned obsolescence

A French consumer protection association is taking Epson to court. The accusation is of planned…

6 hours ago

EU brings Meta to its knees: ChatGPT is running again in WhatsApp chat

After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…

6 hours ago

Good news for Windows 11: Microsoft is banning advertising from search

Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…

6 hours ago

iOS 27 public beta is here: Apple starts the test phase for all iPhone users

Interested users can now install the first public beta version of iOS 27 on their…

6 hours ago