QNAP network-attached storage (NAS) users just can’t seem to catch a break. The company has just released a security advisory, warning users to patch (opens in new tab) up their endpoints immediately, to fix a flaw that allowed potential threat actors to execute code on the devices, remotely.
The flaw is found in PHP, it was said, and can be found in these devices: QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, and QuTScloud c5.0.x and later.
Users are advised to patch to version QTS 220.127.116.114 build 20220515 and later, as well as QuTS hero h18.104.22.1689 build 20220614 and later.
The flaw isn’t exactly new, the company further clarified. It was known for approximately three years, but apparently, wasn’t a viable option to exploit until now.
QNAP seems to be withstanding an everlasting barrage of cyberattacks. Lately, it seems that a week can’t go by without the company fixing some high-severity vulnerability that’s placed its customers at immense risk.
Just this week it was said that QNAP NAS drives (opens in new tab) users were under attack from the ech0raix ransomware threat actors again, the same group that targeted these devices in December last year.
Furthermore, earlier this year, Deadbolt threat actors left many NAS devices (opens in new tab) encrypted.
A year ago, the company has had to release a patch to address the problem of cryptomining, as many threat actors were taking advantage of vulnerable NAS devices, installing cryptocurrency miners on them, for their own personal benefit.
While cryptominers don’t necessarily hurt the target endpoint, they do take up the majority of computing power, leaving the device almost unusable for anything else, until it’s removed.
Besides ech0raix and Deadbolt, QNAP was also observed targeted by Qlocker.