A major Taiwanese hardware manufacturer is urging its customers to patch a critical vulnerability in devices running the QTS or QuTS hero firmware.
Network-attached storage (NAS) device maker QNAP said in the advisory yesterday that CVE-2022-27596 affects QTS 5..1 and QuTS hero h5..1.
“If exploited, this vulnerability makes it possible for remote attackers to inject malicious code,” it warned in the brief advisory.

The vendor advised customers to upgrade their devices to:
- QTS 5..1.2234 build 20221201 and later
- QuTS hero h5..1.2248 build 20221215 and later
More detail can be found in the National Vulnerability Database (NVD) entry for the flaw, which shows a CVSS score of 9.8 and describes it as an SQL injection vulnerability.
Customers would be wise to follow QNAP’s advice, given that its devices have become a popular target for threat actors in recent years.
In fact, its NAS devices were targeted by the Deadbolt ransomware variant throughout most of 2022. During that campaign, it is believed the group exploited a zero-day vulnerability in QNAP firmware to encrypt and extort customers around the world. It also tried to hold QNAP to ransom by charging the vendor over $1m for the master decryption key and additional details on the bug.
QNAP customers are usually small businesses, schools, home office users and similar, whose security and patching may not always follow best practices.
Customers can download the update from the QNAP website, via its Download Center, or log in to their QTS or QuTS hero as an administrator, go to Control Panel > System > Firmware and then “Check for Update” under “Live Update.”
Some parts of this post are sourced from:
www.infosecurity-magazine.com