>
A new exploit has been discovered affecting QNAP customers using the latest versions of their operating systems: QTS 5.0.1 and QuTS hero h.5.0.1, but don’t worry, apply this patch and you should be fine must be.
The vulnerability is said to allow threat actors to inject malicious code, and has been assigned a CVSS (Common Vulkability Score System) score of 9.8 (out of 10), making it critical.
We’re not sure what the implications would be if a cyber-attack were to happen, but QNAP urges its customers to stay informed and patch immediately.
QNAP security patch
The exploit, codenamed CVE-2022-27596, has been marked as “resolved” on the company’s website. website (opens in new tab)describing how users can check for firmware upgrades.
QNAP NAS users should navigate to Control Panel > System > Firmware Update and select Check for Updates under Live Update. Users can also perform a manual update by downloading the firmware from Support > Download Center.
The vulnerability has been fixed in the following versions:
- QTS 5.0.1.2234 build 20221201 and above
- QuTS hero h5.0.1.2248 build 20221215 and above
This is not the first time QNAP customers have been urged to take action to prevent a cyber attack. In fact, the company is regularly under fire. That said, for the most part it has responded quickly to exploits and issued timely patches, giving users peace of mind that it is committed to protecting their data.
In addition, NAS attacks are unfortunately very common and users of all types of devices are urged to protect their data as best as possible. This may include using strong credentials and authentication, and using VPNs and firewalls.