Search the Community

NAS maker QNAP continues to issue security alerts, and QNAP says ransomware called DeadBolt is looking for NAS servers exposed on the public internet. Earlier this month, QNAP issued an alert saying it had detected a large number of attacks of unknown origin, which sought to exploit vulnerabilities and weak passwords in devices exposed on the public Internet. QNAP did not mention whether the ransomware in the warning was related to the attack at the beginning of the month, but judging from the content of the two warnings, it should be the same batch of attacks. “DeadBolt has been widely targeting all NAS exposed to the Internet without any protection and encrypting users’ data for Bitcoin ransom,” the company said. “QNAP urges all QNAP NAS users to […] immediately update QTS to the latest available version.” QNAP said in the announcement that the ransomware called DeadBolt ransomware is looking for exposed NAS on the network, and then looking for potential vulnerabilities to try to launch an attack. The company said that the ransomware is not complicated and mainly relies on the vulnerabilities of the old QTS system, so it is very important for users to update the QTS system in a timely manner. It is worth noting that in the two warnings, QNAP strongly advised users not to expose their devices to the public Internet. However, for users, not being exposed to the public network means that they cannot connect to the public network, and it is very difficult and inconvenient to access the server content when going out. QNAP even suggested that users turn off the UPnP function of the router. The following are safety recommendations: Use the built-in security advisory function of the QNAP device to scan the potential risks of the device, including detecting whether the device is exposed to the public network and specific open ports. If the scanning shows that the system management service can be accessed from an external address then the device is at high risk and the user should follow the security advisor guidelines to disable public network access. Including disabling external address access, disabling exposed ports, turning off port forwarding or UPnP on the router, and DMZ to ensure that the internal network cannot be accessed from the outside. Of course, the result of this is that users will not be able to access QNAP devices through the external network. If you really need external network access, you can try other methods to strengthen security. Including but not limited to using multi-factor authentication, using high-strength passwords, non-repeating passwords, or using encrypted tunnels to connect to the intranet before using the intranet to access.

QNAP myQNAPcloud Connect version 1.3.4.0317 suffers from a username / password denial of service vulnerability. View the full article

QNAP Netatalk versions prior to 3.1.12 suffer from an authentication bypass vulnerability. View the full article

This Metasploit module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access any server files except File Station files. The user who is authorized to create Virtual Web Server can upload malicious php file by activating the server. Exploit creates a new directory into File Station to connect to the web server. However, only the "index.php" file is allowed to work in the virtual web server directory. No files can be executed except "index.php". Gives an access error. After the harmful "index.php" has been uploaded, the shell can be retrieved from the server. There is also the possibility of working in higher versions. Affects versions prior to 4.2.2. View the full article

QNAP NetBak Replicator version 4.5.6.0607 suffers from a denial of service vulnerability. View the full article

QNAP Photo Station version 5.7.0 suffers from a cross site scripting vulnerability. View the full article

QNap QVR Client version 5.0.3.23100 suffers from a denial of service vulnerability. View the full article