Geeks for your information News Privacy & Security News v
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,064 in 3,838 posts
Thanks Given: 6,200
Joined: 12 September 18
#1
Information  02 April 21, 17:41
Quote:Two critical zero-day bugs affect legacy QNAP Systems storage hardware, and expose devices to remote unauthenticated attackers.
 
The bugs, tracked as CVE-2020-2509 and CVE-2021-36195, impact QNAP’s model TS-231 network attached storage (NAS) hardware, allowing an attacker to manipulate stored data and hijack the device. The vulnerabilities, also impact some non-legacy QNAP NAS gear. However, it is important to note that patches are available for non-legacy QNAP NAS hardware.
 
A patch for the now-retired QNAP model TS-231 NAS device, first released in 2015, is scheduled to be released within weeks, QNAP representatives told Threatpost.
 
Patches for current model QNAP devices need to be downloaded from the QNAP download center and applied manually.
 
Both bugs were disclosed on Wednesday by SAM Seamless Network researchers, who released limited technical details. The disclosure was ahead of official QNAP public disclosure of the vulnerabilities, and was in line with SAM Seamless Network’s disclosure policy of giving a vendor three months to disclose vulnerability details. Both flaws were found in the Oct. and Nov. 2020 timeframe and made public Wednesday.
 
“We reported both vulnerabilities to QNAP with a four-month grace period to fix them,” researchers wrote. “Due to the seriousness of the vulnerabilities, we decided not to disclose the full details yet, as we believe this could cause major harm to tens of thousands of QNAP devices exposed to the internet.”
 
QNAP would not specifically say how many additional legacy NAS devices may be impacted. The company, in a statement to Threatpost said: “There are many hardware models of NAS in QNAP. (See: https://www.qnap.com/en/product/eol.php). In the list, you can find the models, the period of hardware repair or replacement, the supported OS and App updates and maintenance and the status of technical support and security updates. Most of the models, the security update could be upgraded to the latest version, i.e. QTS 4.5.2. However, some old hardware models have limits of firmware upgrade. For example, TS-EC1679U-SAS-RP could support only the legacy QTS 4.3.4.”

Read more: Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
HiBit Uninstaller 4.0.10 (2026-02-10)
HiBit Uninstaller ...harlan4096 — 11:13
uBOLite 2026.208.2004 (already released ...
uBOLite 2026.208.2...harlan4096 — 08:33
Intel 900-series chipset spcs leaked: B9...
Core Ultra 400S an...harlan4096 — 08:32
Default TRIM Windows Setting Is Making Y...
Solid-state drive ...harlan4096 — 08:29
Revo Uninstaller Pro Updates
Revo Uninstaller P...Mohammad.Poorya — 18:44

[-]
Birthdays
Today's Birthdays
avatar (47)hapedDow
avatar (46)komriwat
Upcoming Birthdays
avatar (38)showercurtains
avatar (49)PeterWhink
avatar (50)neuthrusBub
avatar (30)script6027529171
avatar (46)myhotseeve
avatar (46)Edwinmub
avatar (46)dimaWeami
avatar (39)TranoTymn
avatar (39)MezirLal
avatar (50)listfquoto
avatar (46)dima6sarPrave
avatar (38)Michaelaburi
avatar (46)dpascoal
avatar (51)Ronaldduh
avatar (39)legalgauch
avatar (44)Baihu
avatar (27)RaseinsLikes

[-]
Online Staff
There are no staff members currently online.

>