• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

ReZone

Collect Product Review

  • Home
  • Laptop
  • Mobile
  • Tablet
  • Smart Home
  • TV
  • Audio
  • Gaming

QNAP Patches Another Vulnerability, Update Your NAS ASAP

June 22, 2022 by www.tomshardware.com

NAS specialist QNAP, whose tribulations we've mentioned previously in these pages, has released a high-severity security advisory (opens in new tab) warning of a flaw that may allow attackers to gain remote code execution privileges on an affected storage device.

The bug (opens in new tab) is in PHP and affects NAS boxes running QTS 5.0.x and later, QTS 4.5.x and later, QuTS hero h5.0.x and later, QuTS hero h4.5.x and later, and QuTScloud c5.0.x and later. It was already patched in QTS 5.0.1.2034 build 20220515 and later, as well as QuTS hero h5.0.0.2069 build 20220614 and later.

The problem appears to be in the part of PHP that deals with FPM and isn’t a new vulnerability. It’s been known about in theory for three years, but only now has it been shown to be exploitable. FPM is a FastCGI Process Manager that a webserver passes requests to and which can spawn and kill PHP processes as needed. If set up in a particular way, this FPM can be manipulated into writing data past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution.

Note that this is totally different from QNAP’s recent unfortunate experience with Deadbolt ransomware (opens in new tab) . The reason why QNAP, out of all the NAS vendors, appears to have so many problems is that it’s both very popular and takes a conscientious approach to issuing security advisories and deploying patches. Given that the vulnerability hasn’t been patched for all QNAP operating systems yet, it has been assigned the status ‘Fixing.’

In the meantime, QNAP recommends users update to the latest firmware for their storage box. This can be done in the system control panel, using the Live Update panel, or by downloading an update file directly from the QNAP website (opens in new tab) .

  • Microsoft releases over 100 security updates - so patch now
  • Windows 10 update problem: We're fixing Kerberos authentication bug, says Microsoft
  • Google patches two actively exploited Chrome zero-day bugs
  • Android users alert! Google asking you to update Chrome to avoid critical bug
  • 'Smash Ultimate' Version 9.0 Update Featuring Minecraft Steve is Live - Patch Notes
  • Cisco reveals this critical bug in Cisco Security Manager after exploits are posted – patch now
  • VIETNAM NEWS NOVEMBER 27 (updated hourly)
  • VIETNAM NEWS NOVEMBER 29 (updated hourly)
  • Drupal sites vulnerable to double-extension attacks
  • The Windows 10 update guide: How to install and manage security and feature updates
QNAP Patches Another Vulnerability, Update Your NAS ASAP have 404 words, post on www.tomshardware.com at June 22, 2022. This is cached page on ReZone. If you want remove this page, please contact us.

Filed Under: News qnap mobile nas, qnap nas finder, qnap nas hdmi, qnap nas reset, qnap nas ts 431, qnap nas ts 451, qnap vs synology nas, microsoft patches and updates, software patches and updates, patching vulnerabilities

Primary Sidebar

RSS Recent Stories

  • Best refurbished iPhone deals and sales for June 2022 | Digital Trends
  • Gartner Predicts a 9.5% PC Industry Decline for 2022
  • Samsung Begins 3nm Production: World’s First Gate-All-Around Transistors
  • Intel Driver Adds Support for High End Cards, Toggle Performance Optimizations
  • Where to Buy the Raspberry Pi Pico W

Sponsored Links

  • How American stocks could continue to climb
  • Which is The Economist’s country of the year for 2021?
  • After a shocker in 2021, where might inflation go in 2022?
  • The hidden costs of cutting Russia off from SWIFT
  • Has the pandemic shown inflation to be a fiscal phenomenon?
Copyright © 2022 ReZone. Power by Wordpress.
Home - About Us - Contact Us - Disclaimers - DMCA - Privacy Policy - Submit your story