QNAP patches yet another critical security bug in its NAS devices


Taiwan-based network-attached storage (NAS) maker QNAP has addressed an improper access control vulnerability in its devices’ disaster recovery and data backup software.

Internet-connected NAS devices are popular targets for threat actors, who exploit vulnerabilities in their software to deploy ransomware or to use the devices’ computing resources for malicious purposes like mining cryptocurrency.

QNAP devices have been at the receiving end of various cyber attack campaigns lately, due to the popularity of the devices. But for what it’s worth, QNAP has been very active in patching vulnerabilities as well.


In the crosshairs

The now-patched critical security vulnerability can be exploited by attackers to gain remote access to the devices, escalate privileges, execute commands, and access sensitive information without authorization.

Bleeping Computer reports that, back in April, the manufacturer fixed another vulnerability in the same backup software, which the Qlocker ransomware operators had exploited to target any vulnerable Internet-connected NAS device.

Similarly, late last year QNAP fixed a cross-site scripting vulnerability, and earlier this year it issued patches to neutralize malware that used QNAP devices to mine cryptocurrency.

Western Digital users have also been on the receiving end of software vulnerabilities in their devices, with several MyBook devices losing their data after being reset in an ongoing malware campaign.

Mayank Sharma
