Active Exploitation of QNAP Network Attached Storage (NAS) Vulnerabilities

Published on 24 Apr 2021

Updated on 24 Apr 2021

QNAP Systems (QNAP) has issued security advisories to address two critical vulnerabilities affecting QNAP NAS devices. There are reports that the vulnerabilities are being actively exploited to deploy ransomware (Qlocker and eCh0raix) on vulnerable, Internet-facing devices. Successful exploitation could allow an unauthenticated remote attacker to take over the affected host.

The vulnerabilities are:
  • CVE-2020-36195: SQL injection vulnerability in Multimedia Console and the Media Streaming Add-On may allow a remote attacker to obtain application information.
  • CVE-2021-28799: An improper authorisation vulnerability affecting QNAP NAS running HBS 3 Hybrid Backup Sync, which may allow a remote attacker to access the device.

Administrators and users of the affected products are advised to update to the latest version immediately. All users should also set a strong password of at least 12 characters that includes upper-case letters, lower-case letters, numbers and/or special characters.

Users whose NAS has been affected by the ransomware must not shut the device down. They should instead install the latest version of Malware Remover and run a malware scan immediately.

More information is available here:
https://www.qnap.com/en/news/2021/response-to-qlocker-ransomware-attacks-take-actions-to-secure-qnap-nas
https://www.qnap.com/en/security-advisory/qsa-21-11
https://www.qnap.com/en/security-advisory/qsa-21-13