QNAP: Security update against severe security vulnerabilities

We keep reporting here about new solutions from QNAP and Synology – both in terms of hardware and software. At QNAP it is said that some NAS devices from the Taiwanese manufacturer are said to be affected by a security gap.

This has been going on for several months – and although, according to the report dated March 31, 2021, the finder of the vulnerability informed the company, nothing has happened. The vulnerabilities were made known to the company on October 12, 2020 and November 29, 2020 by SAM Seamless Network, a Connected Home Security company. They were found in the QNAP TS-231's latest firmware version 4.3.6.1446, which was released on September 29, 2020, according to SAM.

"We reported both vulnerabilities to QNAP, with four months to fix them," writes Yaniv Puyeski, a security researcher at SAM. “Unfortunately, the weaknesses have not yet been resolved at the time this article was published.” The gaps are in the Web Server and DLNA Server module and could enable a device takeover. Several QNAP models are said to be affected.

Due to the severity of the vulnerabilities, it was decided not to release the full details yet, as it was believed that doing so could cause great damage to tens of thousands of QNAP devices exposed to the Internet.

One day after the report, QNAP released QTS 4.3.6.1620 Build 20210322, so I checked it again for you. A lot of bug fixes have been made here and security gaps have been closed. CVE-2020-2509 (Severity High) appears to be the vulnerability described. QNAP owners should perhaps read through the whole thing and install the update.

#
preview
product
price

1

WD Elements Portable, external hard drive - 2 TB - USB 3.0 - WDBU6Y0020BBK-WESN

WD Elements Portable, external hard drive – 2 TB – USB 3.0 – WDBU6Y0020BBK-WESN

65.90 EUR

View on Amazon

2

Intenso Memory Case 1 TB external hard drive (6.35 cm (2.5 inch) 5400 rpm, 8 MB cache, USB 3.0) ...

Intenso Memory Case 1 TB external hard drive (6.35 cm (2.5 inch) 5400 rpm, 8 MB cache, USB 3.0) …

44.08 EUR

View on Amazon

3

Seagate Game Drive PS4, portable external hard drive 4 TB, 2.5 inches, USB 3.0, Playstation4, ...

Seagate Game Drive PS4, portable external hard drive 4 TB, 2.5 inches, USB 3.0, Playstation4, …

98.99 EUR

View on Amazon

Amazon links are included in this article. Clicking on it will take you directly to the provider. Should you decide to buy there, we will receive a small commission. Nothing changes in the price for you.

Source link

Tags:

We will be happy to hear your thoughts

Leave a reply

Sharing is Awesome, Do It!

Share this post with your friends
close-link