What are you looking for ?
Advertise with us
Advertise with us

Qnap Security Advisory Bulletin ID: QSA-21-12 and QSA-21-14

Concerning NAS running HBS 3 App and Qlocker ransomware, and relative path traversal vulnerability in QTS and QuTS hero NAS OS

Qnap Systems, Inc. had published security enhancement against security vulnerabilities that could affect specific versions of the company’s products.

Use following information and solutions to correct the security issues and vulnerabilities.

Advisory includes following:

Qlocker ransomware
Release date: May 21, 2021
Security ID: QSA-21-12
Severity: Critical
Affected products: Qnap NAS running HBS 3

Summary
A ransomware campaign targeting company’s NAS began the week of April 19th, 2021. The ransomware known as Qlocker exploits CVE-2021-28799 to attack NAS running certain versions of HBS 3 (Hybrid Backup Sync).

Once a NAS is infected, the ransomware moves files on the NAS into password-protected 7z archives. Snapshots are also removed, and users are left with a !!!READ_ME.txt ransom note in each affected folder. To extract the files from the archives, victims would need to enter a password known only to the attacker.

Company have already fixed related vulnerability in following versions of HBS 3:

  • QTS 4.5.2: HBS 3 v16.0.0415 and later

  • QTS 4.3.6: HBS 3 v3.0.210412 and later

  • QTS 4.3.3 and 4.3.4: HBS 3 v3.0.210411 and later

  • QuTS hero h4.5.1: HBS 3 v16.0.0419 and later

  • QuTScloud c4.5.1~c4.5.4: HBS 3 v16.0.0419 and later

Firm’s NAS running HBS 2 and HBS 1.3 are not affected.

More information

Relative path traversal vulnerability in QTS and QuTS hero NAS OS
Release date: May 21, 2021
Security ID: QSA-21-14
Severity: High
CVE identifier: CVE-2021-28798
Affected products: All Qnap NAS

Summary
A relative path traversal vulnerability has been reported to affect company’s
NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to modify files that impact system integrity.

Company have already fixed vulnerability in following versions:

  • QTS 4.5.2.1630 Build 20210406 and later

  • QTS 4.3.6.1663 Build 20210504 and later

  • QTS 4.3.3.1624 Build 20210416 and later

  • QuTS hero h4.5.2.1638 Build 20210414 and later

Firm’s NAS running QTS 4.5.3 are not affected.

More information

Read also :
Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E
RAIDON