Over 29,000 QNAP devices vulnerable to code injection attacks

Tens of thousands of QNAP network-attached storage (NAS) devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday.

Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting Internet-exposed and unpatched QNAP devices. QNAP also assigned this bug a CVSS base score of 9.8/10 and said it could be abused in low-complexity attacks by unauthenticated malicious actors without requiring user interaction.

The company recommends that customers with impacted devices upgrade to QTS 5.0.1.2234 build 20221201 or later and QuTS hero h5.0.1.2248 build 20221215 or later to secure them from attacks. To update your device, log in as the admin user, go to "Control Panel → System → Firmware Update," click the "Check for Update" option under the "Live Update" section, and wait for the download and installation to complete.

While QNAP hasn't tagged this flaw as being actively exploited in the wild, customers are advised to update to the latest available software version as soon as possible, since NAS devices have a long history of being targeted in ransomware attacks.

One day after QNAP released security updates to address this critical vulnerability, Censys security researchers published a report revealing that just over 550 out of more than 60,000 QNAP NAS devices they found online were patched.

"Censys has observed 67,415 hosts with indications of running a QNAP-based system; unfortunately, we could only obtain the version number from 30,520 hosts. But, if the advisory is correct, over 98% of identified QNAP devices would be vulnerable to this attack," senior security researcher Mark Ellzey said.

"We found that of the 30,520 hosts with a version, only 557 were running QuTS Hero greater than or equal to 'h5.0.1.2248' or QTS greater than or equal to '5.0.1.2234,' meaning 29,968 hosts could be affected by this vulnerability."
Luckily, since this flaw is not yet abused in the wild and proof-of-concept exploit code hasn't yet surfaced online, there's still time to patch these vulnerable NAS devices and secure them from attacks.

Given that such devices have been targeted with multiple ransomware strains in recent years, it's worth repeating that QNAP customers should immediately patch their NAS devices before threat actors pounce and encrypt their files.

"If the exploit is published and weaponized, it could spell trouble to thousands of QNAP users. Everyone must upgrade their QNAP devices immediately to be safe from future ransomware campaigns," Ellzey added.

Besides updating your NAS device ASAP, you should also consider not exposing it online, so that it cannot be reached over the Internet for remote exploitation.

Disable the Port Forwarding function of the router: Go to the management interface of your router, check the Virtual Server, NAT, or Port Forwarding settings, and disable the port forwarding setting of the NAS management service port.

Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud on the QTS menu, click "Auto Router Configuration," and unselect "Enable UPnP Port forwarding."

You should also toggle off SSH and Telnet connections, change the system port number, change device passwords, and enable IP and account access protection using these detailed step-by-step procedures.
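For administrators responsible for more than one device, the fixed-version thresholds quoted above can be checked across an inventory. The following Python is an added example, not code from QNAP, Censys or the original article; the hostnames and sample version strings are constructed, and the accepted version-string formats are an assumption.

```python
import re

# Fixed releases named in the article: QTS 5.0.1.2234, QuTS hero h5.0.1.2248.
FIXED = {"QTS": (5, 0, 1, 2234), "QuTS hero": (5, 0, 1, 2248)}

# Assumed formats: "5.0.1.2234", "h5.0.1.2248", optionally "... build 20221201".
_VERSION_RE = re.compile(
    r"^\s*(h?)(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\s+build\s+\d{8})?\s*$", re.IGNORECASE
)

def parse_version(raw):
    """Return (product, 4-part version tuple), or None if the string is unusable."""
    m = _VERSION_RE.match(raw or "")
    if not m:
        return None
    product = "QuTS hero" if m.group(1) else "QTS"  # leading "h" marks QuTS hero
    return product, tuple(int(m.group(i)) for i in range(2, 6))

def classify(raw):
    """Apply only the article's 'or later' threshold for each product line."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"  # version missing or truncated: check the device by hand
    product, version = parsed
    return "patched" if version >= FIXED[product] else "needs-update"

def triage(inventory):
    """inventory: iterable of (host, version string) -> {status: [hosts]}."""
    result = {"patched": [], "needs-update": [], "unknown": []}
    for host, raw in inventory:
        result[classify(raw)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("nas-01", "5.0.1.2234 build 20221201"),
    ("nas-02", "5.0.1.2194"),
    ("nas-03", "h5.0.1.2248"),
    ("nas-04", "h5.0.1.2192 build 20221020"),
    ("nas-05", ""),            # no version obtained
    ("nas-06", "5.0.1"),       # truncated version string
    ("nas-07", "5.1.0.2348"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:13} {', '.join(hosts)}")
```

Hosts reported as "unknown" correspond to the case Censys describes, where no version number could be obtained, and should be checked directly rather than assumed patched.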

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 01 Feb 2023 15:57:02 +0000

