CyberSecurityBoard
Sponsor Register Login

QNAP Authentication Bypass Vulnerability Exposes NAS Devices to Remote Attacks

A critical authentication bypass vulnerability has been discovered in QNAP NAS devices, allowing remote attackers to gain unauthorized access without valid credentials. This flaw affects multiple QNAP models and could lead to data breaches, ransomware deployment, and full device compromise. The vulnerability stems from improper authentication checks in the device's web interface, enabling attackers to bypass login mechanisms. QNAP has released patches and urged users to update their firmware immediately to mitigate risks. Security experts recommend disabling remote access until updates are applied and monitoring network traffic for suspicious activity. This incident highlights the importance of timely patch management and robust authentication controls in protecting network-attached storage systems from evolving cyber threats.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 01 Sep 2025 07:25:21 +0000


Cyber News related to QNAP Authentication Bypass Vulnerability Exposes NAS Devices to Remote Attacks

Over 29,000 QNAP devices vulnerable to code injection attacks - Tens of thousands of QNAP network-attached storage devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on Monday. Remote threat actors can exploit this SQL injection vulnerability to inject malicious ...
2 years ago Bleepingcomputer.com
QNAP takes down server behind widespread brute-force attacks - QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital ...
2 years ago Bleepingcomputer.com
QNAP Devices Unpatched Against Critical Flaw: Over 29,000 Vulnerable - Tens of thousands of QNAP network-attached storage devices are exposed online and unpatched against a critical security flaw. Remote threat actors can exploit this SQL injection vulnerability to inject malicious code in attacks targeting ...
2 years ago Bleepingcomputer.com
30k Internet-Exposed QNAP NAS Devices Affected by Recent Vulnerability - Attack surface management firm Censys has identified roughly 30,000 internet-exposed QNAP network-attached storage appliances that are likely affected by a recently disclosed critical-severity code injection vulnerability. Tracked as CVE-2022-27596, ...
2 years ago Securityweek.com CVE-2022-27596
QNAP Patches Critical Security Vulnerability that Allows Remote Code Injection - QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability that potentially allows remote attackers to inject malicious code on QNAP NAS devices. This vulnerability is tracked as CVE-2022-27596 and ...
2 years ago Bleepingcomputer.com CVE-2022-27596
QNAP Zero-Day Vulnerabilities Exploited in the Wild - QNAP, a leading provider of network-attached storage (NAS) devices, has recently been targeted by cybercriminals exploiting zero-day vulnerabilities. These security flaws allow attackers to gain unauthorized access to QNAP NAS devices, potentially ...
1 month ago Cybersecuritynews.com CVE-2023-27532 CVE-2023-27533
QNAP Authentication Bypass Vulnerability Exposes NAS Devices to Remote Attacks - A critical authentication bypass vulnerability has been discovered in QNAP NAS devices, allowing remote attackers to gain unauthorized access without valid credentials. This flaw affects multiple QNAP models and could lead to data breaches, ...
3 months ago Cybersecuritynews.com CVE-2023-XXXX
20 Best Remote Monitoring Tools - 2025 - What is Good ?What Could Be Better ?Strong abilities to keep an eye on devices and systems.Some parts may take time to figure out.It gives you tools for remote control and troubleshooting.There could be more ways to change things.Lets you automate ...
8 months ago Cybersecuritynews.com
Zyxel warns of multiple critical vulnerabilities in NAS devices - Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage devices. Zyxel NAS systems are used for storing data ...
2 years ago Bleepingcomputer.com CVE-2023-35137 CVE-2023-35138
CVE-2021-41769 - A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < ...
3 years ago
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
2 years ago Esecurityplanet.com
QNAP Patches High-Severity Flaws in QTS, Video Station, QuMagie, Netatalk Products - Taiwan-based QNAP Systems on Friday announced patches for a dozen vulnerabilities across its product portfolio, including high-severity flaws in its operating system. The bug affects QTS versions 5.1.x and QuTS hero versions h5.1.x and was resolved ...
1 year ago Securityweek.com CVE-2022-43634 CVE-2023-47559 CVE-2023-47560
QNAP Alerts of a Vulnerability that Could Lead to Deadbolt Ransomware Attacks - QNAP, a data-storage hardware vendor, has issued a warning to customers to update their devices due to the discovery of a vulnerability that could leave thousands exposed to attacks. The vulnerability, known as CVE-2022-27596, affects QNAP devices ...
2 years ago Therecord.media CVE-2022-27596
Passwordless Login: Effortless Authentication - Let's explore how passwordless login paves the way for seamless and secure user authentication, fostering trust and loyalty. The Password Dilemma Though conventional complex password-based authentication has long been a cornerstone of robust ...
1 year ago Feeds.dzone.com
What Is Kerberos Authentication?: Implementing Effective Security Protocols - Kerberos is a vital security protocol that any serious computer user must be familiar with. It is an open standard that provides a secure way of verifying the identity of user across multiple systems. The Kerberos authentication protocol is a ...
2 years ago Heimdalsecurity.com
CVE-2020-2501 - A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the ...
4 years ago
CVE-2021-28797 - A stack-based buffer overflow vulnerability has been reported to affect QNAP NAS devices running Surveillance Station. If exploited, this vulnerability allows attackers to execute arbitrary code. QNAP have already fixed this vulnerability in the ...
4 years ago
Hackers Actively Exploiting Vulnerability to Deploy Mirai Malware - Hackers exploit QNAP devices because they often have known vulnerabilities or misconfigurations that can be exploited for unauthorized access. QNAP devices store valuable data, which makes them lucrative targets for threat actors seeking to:-. NVR is ...
2 years ago Cybersecuritynews.com
Synology Beestation 0-Day Vulnerability Exposes NAS Devices to Remote Attacks - A critical zero-day vulnerability has been discovered in Synology's Beestation NAS devices, exposing users to potential remote code execution attacks. This flaw allows attackers to bypass authentication mechanisms and gain unauthorized access to ...
1 month ago Cybersecuritynews.com CVE-2024-XXXX
Multiple QNAP Severity Flaw Let Attackers Execute Remote Code - QNAP has released multiple security advisories for addressing several high, medium, and low-severity vulnerabilities in multiple products, including QTS, QuTS hero, Netatalk, Video Station, QuMagie, and QcalAgent. QNAP has also stated all the ...
1 year ago Gbhackers.com CVE-2023-39294 CVE-2023-39296 CVE-2023-47219 CVE-2023-47559 CVE-2023-47560 CVE-2023-41287 CVE-2023-41288 CVE-2022-43634 CVE-2023-41289
QNAP Releases Security Updates to Address Critical Vulnerability in NAS Devices - Taiwanese company QNAP has released updates to remediate a critical security flaw affecting its network-attached storage (NAS) devices. Tracked as CVE-2022-27596, the vulnerability has been rated 9.8 out of a maximum of 10 on the CVSS scoring scale. ...
2 years ago Thehackernews.com CVE-2022-27596
Over 90,000 LG Smart TVs may be exposed to remote attacks - Security researchers at Bitdefender have discovered four vulnerabilities impacting multiple versions of WebOS, the operating system used in LG smart TVs. The flaws enable varying degrees of unauthorized access and control over affected models, ...
1 year ago Bleepingcomputer.com CVE-2023-6317 CVE-2023-6318 CVE-2023-6319 CVE-2023-6320
How to Use Context-Based Authentication to Improve Security - One of the biggest security weak points for organizations involves their authentication processes. Context-based authentication offers an important tool in the battle against credential stuffing, man-in-the-middle attacks, MFA prompt bombing, and ...
1 year ago Securityboulevard.com
Why BYOD Is the Favored Ransomware Backdoor - These devices exist outside of direct corporate management and provide a ransomware gang with unchecked platforms for encrypting data. Microsoft's fourth annual Digital Defense Report for 2023 reveals that 80% of all ransomware compromises come from ...
1 year ago Esecurityplanet.com
QNAP fixes seven NAS zero-day vulnerabilities exploited at Pwn2Own - QNAP has released critical security patches addressing seven zero-day vulnerabilities in its NAS devices, which were exploited during the recent Pwn2Own hacking competition. These vulnerabilities could allow attackers to execute arbitrary code, ...
1 month ago Bleepingcomputer.com CVE-2023-XXXX CVE-2023-YYYY CVE-2023-ZZZZ

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)