A new exploit has been discovered that affects QNAP customers running the latest OS versions: QTS 5.0.1 and QuTS hero h.5.0.1, but don’t worry, apply this patch and you should be fine.
The vulnerability is said to allow cybercriminals to inject malicious code and has a score of 9.8 (out of 10) on the Common Security Vulnerability Scoring System (CVSS), making it critical.
We are not sure what the implications would be if a cyberattack were to take place, but QNAP encourages its customers to update and install patches immediately.
QNAP security patch
The exploit codenamed CVE-2022-27596 is marked as “resolved” on the company’s website website (opens in a new tab)detailing how users can check for firmware updates.
QNAP NAS users should go to Control Panel > System > Firmware Update and select Check for Update under Live Update. Users can also manually update by downloading the firmware from Support > Download Center.
The vulnerability has been fixed in the following versions:
- QTS 18.104.22.1684 build 20221201 and later
- QuTS hero h22.214.171.1248 build 20221215 and later
This is not the first time QNAP customers have been urged to take action to prevent a cyberattack. In fact, the company is regularly attacked. That said, for the most part, it was quick to respond to exploits and issue patches in a timely manner, giving its users the confidence that it is committed to protecting their data.
Moreover, NAS attacks are unfortunately a common occurrence, and users of all types of devices are encouraged to protect their data as best as they can. This may include, but is not limited to, using strong credentials and authentication, and using VPNs and firewalls.