HomesecurityQNAP: Fixes critical vulnerabilities affecting NAS devices

QNAP: Fixes critical vulnerabilities affecting NAS devices

Η QNAP corrected two critical vulnerabilities security in practice Helpdesk, which could allow potential intruders to take control of NAS devices.

QNAP: Fixes critical vulnerabilities affecting NAS devices

The Helpdesk is application which allows owners of QNAP NAS devices to submit direct requests for assistance to the supplier. To do this, the application has a specific license.

The two vulnerabilities security have been named CVE-2020-2506 and CVE-2020-2507 and are "improper access control vulnerabilities".

QNAP said that if an attacker manages to exploit the two vulnerabilities, he will be able to gain control of a device QNAP NAS.

However, as we said above, the Taiwan-based company fixed the security issues with the issue Helpdesk 3.0.3 and later.

Here are the steps you need to follow to update your Helpdesk:

  • Log in to QTS as an administrator.
  • Open the Application Center and click the magnifying glass.
  • A search box appears.
  • Type “Helpdesk,” then press ENTER.
  • Helpdesk appears in search results.
  • Click Update (The Update button is not available if you are using the latest version).
  • A confirmation message is displayed.
  • Click OK.

If you follow the above procedure, the Helpdesk will be updated, so QNAP NAS devices will remain secure.

QNAP: Fixes critical vulnerabilities affecting NAS devices

In recent months, QNAP NAS Appliances have been targeted hackers and the existence of vulnerabilities facilitates their work. Recently, QNAP advised its customers to update firmware And the applications installed on NAS devices to protect against AgeLocker ransomware.

According to Security Affairs, device owners need to make the updates, because experts say that at the moment there is no free way to restore them data, encrypted by AgeLocker ransomware.

In addition, in early August, QNAP had warned users about QSnatch malware (data theft malware) and had prompted them to update the application Malware Remover. At that time, the CISA and National Cyber ​​Security Center (NCSC) of the United Kingdom had released a joint announcement on a massive Qsnatch malware distribution campaign.

Finally, a few months ago, the company had warned them users her for her eCh0raix ransomware.

Digital fortress
Pursue Your Dreams & Live!