Tuesday, January 31, 2023

QNAP urges customers to update now to stay safe from dangerous security flaw

A new exploit has been discovered that affects QNAP customers running the latest versions of its operating systems: QTS 5.0.1 and QuTS hero h.5.0.1, but don’t worry, apply this patch and you should be good.

The vulnerability is said to allow threat actors to inject malicious code, and has been awarded a common vulnerability scoring system (CVSS) score of 9.8 (out of 10), rendering it of critical importance.

We’re unsure what the implications would be should a cyberattack take place, however QNAP is urging its customers to stay up to date and patch immediately.

QNAP security patch

The exploit, codenamed CVE-2022-27596, is marked as ‘resolved’ on the company’s website, which details how users can check for firmware upgrades.

QNAP NAS users should navigate to Control Panel > System > Firmware Update, and select Check for Update under Live Update. Users can also perform a manual update by downloading the firmware from Support > Download Center.

The vulnerability has been fixed in the following versions:

  • QTS 5.0.1.2234 build 20221201 and later
  • QuTS hero h5.0.1.2248 build 20221215 and later

This isn’t the first time that QNAP customers have been urged to take action in order to prevent a cyberattack. In fact, the company is regularly under attack. That said, for the most part, it has responded promptly to exploits and issued timely patches, giving its users peace of mind that it’s committed to protecting their data.

Moreover, NAS attacks are an unfortunately common occurrence, and users of all device types are urged to protect their data as best they can. This can include using strong credentials and authentication, and using VPNs and firewalls, among other things.



from TechRadar - All the latest technology news https://ift.tt/iX0SMkF

No comments:

Post a Comment

Elon Musk’s xAI supercomputer gets 150MW power boost despite concerns over grid impact and local power stability

Elon Musk's xAI supercomputer gets power boost amid concerns 150MW approval raises questions about grid reliability in Tennessee Lo...