Tuesday, January 26, 00:01

Backdoor was discovered on QNAP NAS storage devices

Malicious actors have been scanning the Internet extensively to find appliances running versions of the QNAP firmware, in order to exploit a remote code execution (RCE) vulnerability. QNAP has already fixed this vulnerability in a previous version.


However, as researchers at Qihoo 360's Network Security Research Lab (360 Netlab) reported yesterday, some attackers are exploiting a vulnerability to execute remote commands, made possible by a command execution flaw in the firmware of QNAP NAS devices.

Vulnerability could lead to remote code execution

Unauthorized attackers can exploit the vulnerability to gain authorization using the executable authLogout.cgi. This executable does not filter out special characters, so the input is not sanitized and the system is allowed to execute the command string, which permits command execution and, in turn, remote code execution.
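An added example, not taken from the article or from 360 Netlab: a log check that flags requests to authLogout.cgi whose parameters carry shell metacharacters, the kind of input the executable described above fails to filter. The combined access-log format, the `/cgi-bin/` path and the parameter name `param` are assumptions, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Characters a shell treats specially; none belong in a logout parameter.
SHELL_META = re.compile(r"[;&|`$<>(){}\\\n\r]")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
TARGET_CGI = "authLogout.cgi"  # executable named in the article


def decode_fully(value, rounds=3):
    """URL-decode repeatedly so double-encoded metacharacters are still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (client_ip, parameter, decoded_value) for flagged authLogout.cgi hits."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/" + TARGET_CGI):
            continue
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            name, value = decode_fully(name), decode_fully(raw)
            if SHELL_META.search(name) or SHELL_META.search(value):
                hits.append((m.group("ip"), name, value))
    return hits


# Constructed sample log lines (not from any real device or from the report).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Sep/2020:10:00:01 +0000] "GET /cgi-bin/authLogout.cgi?param=abc123 HTTP/1.1" 200 12',
    '203.0.113.9 - - [01/Sep/2020:10:00:05 +0000] "GET /cgi-bin/authLogout.cgi?param=x%3Bid HTTP/1.1" 200 12',
    '203.0.113.9 - - [01/Sep/2020:10:00:09 +0000] "GET /cgi-bin/authLogout.cgi?param=x%2524%2528id%2529 HTTP/1.1" 200 12',
    '192.0.2.44 - - [01/Sep/2020:10:01:00 +0000] "GET /cgi-bin/other.cgi?q=a%3Bb HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for ip, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"ALERT {ip} {name}={value!r}")
```

Access logs record only the request line, so parameters sent in a request body are not covered by this check.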

360 Netlab researchers disclosed their findings to QNAP PSIRT on May 13, and on August 12 (three months later) they were informed that the company had addressed the security issue in an earlier security update and that there were still QNAP NAS devices to be updated.

The vulnerability was fixed in version 4.3.3 by replacing the function used to execute the command strings.

"On 12 August 2020, QNAP PSIRT replied that the vulnerability had been fixed in early updates, but attacks are still taking place on the network."


QNAP urges its customers to update their devices

According to the 360 Netlab researchers, the attackers have not fully automated the process and carry out some parts of it manually.

While 360 Netlab has not yet identified the ultimate target of the attackers, it has found that they deploy two identical payloads on all compromised devices. One of them is a "reverse shell" that operates on TCP port 1234.

360 Netlab provides a list of all affected versions of QNAP firmware. QNAP storage devices have also been targeted recently by an eCh0raix Ransomware campaign launched two months ago.


Absent Mia