QNAP urges consumers to do an urgent NAS equipment software upgrade

Users of QNAP network-attached storage (NAS) can’t seem to get a break. After discovering a vulnerability that might have been exploited remotely, the business has issued a security alert urging customers to quickly update their endpoints.

QuTS Cloud 5.0.x and later, QuTS Hero 5.0.x, QuTS Hero 4.5.x and later, QTS 5.0.x and later all have PHP flaws, according to the reports we’ve heard.

QTS 5.0.1.2034 build 20220515 and later as well as QuTS hero h5.0.0.2069 build 20220614 and later are recommended for users to apply the patches.

The problem isn’t technically new, according to the company’s statement. Three years after it was discovered, it was obviously not a feasible alternative to exploit.

Despite a seemingly never-ending stream of cyberattacks, QNAP seems to remain unaffected. In recent weeks, it has seemed as though the corporation cannot repair a high-severity vulnerability without putting its consumers at risk in some way.

The ech0raix ransomware threat actors, who attacked QNAP NAS discs (opens in a new tab) in December, have struck again this week, according to reports.

Deadbolt threat actors encrypted numerous NAS devices early this year.

Many threat actors were exploiting insecure NAS machines and installing bitcoin miners for their own gain around a year ago, and the firm was forced to issue a patch to solve this problem.

Aside from the fact that cryptominers don’t really harm the target endpoint, they do use a significant amount of CPU power, making the device essentially unusable until it is removed.

Along with ech0raix and deadbolt, Qlocker has been known to attack QNAP.