Cloud Security, Cloud Security, Network Security

Legacy QNAP NAS Devices Vulnerable to Zero-Day Attack

QNAP has unveiled two critical zero-day vulnerabilities present in its legacy model TS-231 network attached storage devices and a number of other non-legacy NAS hardware, according to Threatpost. The company said the bugs can be addressed immediately on its non-legacy NAS devices through patches, while a patch for the TS-231 model is scheduled for release over the next few weeks. The bugs, which are designated CVE-2020-2509 and CVE-2021-36195, enable threat actors to perform remote unauthenticated attacks and manipulate data stored on the affected devices. Researchers from SAM Seamless network disclosed the bugs to the public last Wednesday after notifying QNAP of them and providing a four-month grace period for the company to provide a fix. The researchers declined to make public the full technical details of the vulnerabilities due to the possibility of their causing severe harm to QNAP devices that are currently affected, which number in the tens of thousands.
Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.