QNAP has released a new security advisory warning users of two vulnerabilities that affect its QTS operating system which powers many of the NAS devices used by businesses and consumers to backup their data locally.
The vulnerabilities, tracked as CVE-2020-2490 and CVE-2020-2492, can be exploited to allow a remote attacker to execute arbitrary commands on NAS devices running versions of QTS released before September 8 of this year.
In its security advisory, QNAP doesn't provide that many details on how exactly these vulnerabilities can be exploited though they are both classified as command injection vulnerabilities. These types of vulnerabilities are particularly dangerous as they could allow for full take over of an affected device.
- We've assembled a list of the best antivirus software around
- These are the best NAS devices on the market
- Upgrade your NAS with one of the best NAS drives available
Thankfully though, QNAP has issued patches to address both vulnerabilities in QTS 4.4.3.1421 build 20200907 and later versions.
Updating QTS
In order to secure your NAS devices from any potential attacks leveraging these vulnerabilities, QNAP recommends that users update QTS to the latest version.
To do so, you'll first need to log on to QTS as an administrator and then navigate to Control Panel > System > Firmware Update. Under the Live Update section, click on Check for Update and then QTS will download and install the latest update available.
Alternatively, you can also go to QNAP's website and under Support, you can perform a manual update for your devices by heading to the download center.
NAS devices are increasingly being targeted by cybercriminals and just last week, QNAP warned that Zerologon now affects NAS devices and a month ago, the company urged users to update their devices to avoid being infected with the AgeLocker ransomware.
- We've also highlighted the best endpoint protection software
Via BleepingComputer
