QNAP
-
Blog
Firmware Update Locked QNAP NAS Owners Out of Their Boxes
A recent update to QNAP’s firmware, version 5.2.2.2950 build 20241114, caused many problems for people with QNAP Network Attached Storage (NAS) devices. Released around November 19th, the update prevented some from accessing their files. A faulty firmware update was supposed to fix some security issues found in QNAP devices. These devices often face cyberattacks, and in February 2023, a serious…
Read More » -
Blog
QNAP addresses critical flaws across NAS, router software
QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible. Starting with QNAP Notes Station 3, a note-taking and collaboration application used in the firm’s NAS systems, the following two vulnerabilities impact it: CVE-2024-38643 – Missing authentication for critical functions could allow remote attackers to…
Read More » -
Blog
QNAP pulls buggy QTS firmware causing widespread NAS issues
QNAP has pulled a recently released firmware update after widespread customer reports that it’s breaking connectivity and, in some cases, locking users out of their devices. QTS 5.2.2.2950 build 20241114, the buggy firmware causing these issues, was released this Tuesday for a long list of QTS network-attached storage (NAS) models to patch multiple security vulnerabilities and fix various known issues.…
Read More » -
Blog
QNAP patches second zero-day exploited at Pwn2Own to get root
QNAP has released security patches for a second zero-day bug exploited by security researchers during last week’s Pwn2Own hacking contest. This critical SQL injection (SQLi) vulnerability, tracked as CVE-2024-50387, was found in QNAP’s SMB Service and is now fixed in versions 4.15.002 or later and h4.15.002 and later. The zero-day flaw was patched one week after allowing YingMuo (working with…
Read More » -
Blog
QNAP fixes NAS backup software zero-day exploited at Pwn2Own
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. Tracked as CVE-2024-50388, the security flaw is caused by an OS command injection weakness in HBS 3 Hybrid Backup Sync version 25.1.x, the company’s disaster recovery and data backup solution. “An OS command injection vulnerability…
Read More » -
Blog
QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. Pwn2Own, a global hacking competition, challenges top security researchers to exploit a range of software and hardware devices, with the ultimate goal of earning the prestigious…
Read More »