Cloud Security, Cloud Security, Network Security
Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack
QNAP has unveiled two critical zero-day vulnerabilities present in its legacy model TS-231 network attached storage devices and a number of other non-legacy NAS hardware, according to Threatpost. The company said the bugs can be addressed immediately on its non-legacy NAS devices through patches, while a patch for the TS-231 model is scheduled for release over the next few weeks. The bugs, which are designated CVE-2020-2509 and CVE-2021-36195, enable threat actors to perform remote unauthenticated attacks and manipulate data stored on the affected devices. Researchers from SAM Seamless network disclosed the bugs to the public last Wednesday after notifying QNAP of them and providing a four-month grace period for the company to provide a fix. The researchers declined to make public the full technical details of the vulnerabilities due to the possibility of their causing severe harm to QNAP devices that are currently affected, which number in the tens of thousands.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds