Serious vulnerabilities in QNAP NAS not patched after almost a year

We’ve just posted the following news: Serious vulnerabilities in QNAP NAS not patched after almost a year[newsimage]http://www.myce.com/wp-content/images_posts/2017/01/myce-qnap_tvs_663-95x75.jpg[/newsimage]

Three vulnerabilities in a NAS system of the Taiwanese company QNAP have not been patched almost a year after they were reported. The vulnerabilities can provide an attacker full control over the device and this way steal data and passwords, according to security company F-Secure.

            Read the full article here: [http://www.myce.com/news/serious-vulnerabilities-qnap-nas-not-patched-almost-year-81243/](http://www.myce.com/news/serious-vulnerabilities-qnap-nas-not-patched-almost-year-81243/)

            Please note that the reactions from the complete site will be synched below.

crap this sucks. how do you know if you’ve been owned? my qnap asked for a firmware update last week and i did it. i can’t find anything amiss.

@aedipuss: I’m going to take a wild guess and say that you can use the same method of manually updating the firmware to re-install said firmware. That way, any malicious code on the device will be wiped and replaced with the code the manufacturer intended to be used.

This has been fixed in the recent QTS release, please refer to the following link for more details as well as the firmware for your QNAP NAS:

And it’s also updated in QNAP’s Security Bulletins and Advisories