QNAP calls on users to update NAS devices immediately

JavaScript code on a computer screen
(Image credit: Shutterstock / BEST-BACKGROUNDS)

QNAP network-attached storage (NAS) users just can’t seem to catch a break. The company has just released a security advisory, warning users to patch up their endpoints immediately, to fix a flaw that allowed potential threat actors to execute code on the devices, remotely.

The flaw is found in PHP, it was said, and can be found in these devices: QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, and QuTScloud c5.0.x and later.

Users are advised to patch to version QTS 5.0.1.2034 build 20220515 and later, as well as QuTS hero h5.0.0.2069 build 20220614 and later.

The flaw isn’t exactly new, the company further clarified. It was known for approximately three years, but apparently, wasn’t a viable option to exploit until now. 

QNAP seems to be withstanding an everlasting barrage of cyberattacks. Lately, it seems that a week can’t go by without the company fixing some high-severity vulnerability that’s placed its customers at immense risk.

Just this week it was said that QNAP NAS drives users were under attack from the ech0raix ransomware threat actors again, the same group that targeted these devices in December last year.

Furthermore, earlier this year, Deadbolt threat actors left many NAS devices encrypted.

A year ago, the company has had to release a patch to address the problem of cryptomining, as many threat actors were taking advantage of vulnerable NAS devices, installing cryptocurrency miners on them, for their own personal benefit. 

While cryptominers don’t necessarily hurt the target endpoint, they do take up the majority of computing power, leaving the device almost unusable for anything else, until it’s removed.

Besides ech0raix and Deadbolt, QNAP was also observed targeted by Qlocker.

Via: Tom's Hardware

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Ransomware
Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks
Digital image of a lock.
QNAP says it has fixed several major vulnerabilities in NAS backup, recovery app
Representational image of a hacker
TrueNAS device vulnerabilities exposed during hacking competition
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
cables going into the back of a broadband router on white background
Netgear urges users to patch major router security issues now
A person at a laptop with a cybersecure lock symbol floating above it.
Hackers are still using old Ivanti bugs to break into networks
Latest in Security
An American flag flying outside the US Capitol building against a blue sky
The FCC is creating a security council to bolster US defenses against cyberattacks
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
Ransomware
Microsoft uncovers sleuthy new XCSSET MacOS malware campaign
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Data leak
Hacked Tata Technologies data leaked by ransomware gang
Latest in News
Google Gemini Flash 2.0 Images
I tried Gemini's new AI image generation tool - here are 5 ways to get the best art from Google's Flash 2.0
An image of the Samsung Galaxy S25 Ultra from a hands-on event
Samsung Galaxy S26 Ultra could resurrect an intriguing camera feature
Eurocom Raptor X18
At $15,000, this massive 256GB RAM laptop makes Apple's MacBook Pro look affordable, tiny and very, very slow
Cristin Milioti in Black Mirror season 7
Netflix launches trailer for Black Mirror season 7, giving us a look at its first-ever sequel episode and an unexpected returning character
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
A close up of The Daily podcast from Pocket Casts' web page
‘Podcasting shouldn’t be locked behind walled gardens’: Pocket Casts slams Spotify and makes its web player free to all