Serious vulnerabilities in QNAP NAS not patched after almost a year

vbimport

#1

We’ve just posted the following news: Serious vulnerabilities in QNAP NAS not patched after almost a year[newsimage]http://www.myce.com/wp-content/images_posts/2017/01/myce-qnap_tvs_663-95x75.jpg[/newsimage]

Three vulnerabilities in a NAS system of the Taiwanese company QNAP have not been patched almost a year after they were reported. The vulnerabilities can provide an attacker full control over the device and this way steal data and passwords, according to security company F-Secure.

            Read the full article here: [http://www.myce.com/news/serious-vulnerabilities-qnap-nas-not-patched-almost-year-81243/](http://www.myce.com/news/serious-vulnerabilities-qnap-nas-not-patched-almost-year-81243/)

            Please note that the reactions from the complete site will be synched below.

#2

crap this sucks. how do you know if you’ve been owned? my qnap asked for a firmware update last week and i did it. i can’t find anything amiss.


#3

@aedipuss: I’m going to take a wild guess and say that you can use the same method of manually updating the firmware to re-install said firmware. That way, any malicious code on the device will be wiped and replaced with the code the manufacturer intended to be used.


#4

This has been fixed in the recent QTS release, please refer to the following link for more details as well as the firmware for your QNAP NAS:

And it’s also updated in QNAP’s Security Bulletins and Advisories