QNAP, the Taiwanese maker of network-attached storage (NAS) devices,
said on Wednesday that it’s in the process of fixing a critical
three-year-old PHP vulnerability that could be abused to achieve
remote code execution.
“A vulnerability has been reported to affect PHP versions 7.1.x
below 7.1.33, 7.2.x below 7.2.24, and 7.3.x below 7.3.11 with
improper nginx config,” the hardware vendor said[1]
in an advisory. “If exploited, the vulnerability allows attackers
to gain remote code execution.”
The vulnerability, tracked as CVE-2019-11043[2], is rated 9.8 out of 10
for severity on the CVSS vulnerability scoring system. That said,
exploitation requires that Nginx and php-fpm be running on appliances
using the following QNAP operating system versions:
- QTS 5.0.x and later
- QTS 4.5.x and later
- QuTS hero h5.0.x and later
- QuTS hero h4.5.x and later
- QuTScloud c5.0.x and later
“As QTS, QuTS hero or QuTScloud does not have nginx installed by
default, QNAP NAS are not affected by this vulnerability in the
default state,” the company said, adding it had already mitigated
the issue in OS versions QTS 5.0.1.2034 build 20220515 and QuTS
hero h5.0.0.2069 build 20220614.
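As an added example (not code from the article or from QNAP), the following inventory check applies the advisory's conditions exactly as stated above: a PHP version in one of the three affected ranges, with nginx and php-fpm both running. The host records are constructed sample data.

```python
"""Flag hosts matching QNAP's CVE-2019-11043 advisory: PHP 7.1.x < 7.1.33,
7.2.x < 7.2.24 or 7.3.x < 7.3.11, running php-fpm behind nginx."""
import re
from typing import Dict, List, Optional, Tuple

# First fixed release per affected branch, as stated in the advisory.
FIXED = {(7, 1): (7, 1, 33), (7, 2): (7, 2, 24), (7, 3): (7, 3, 11)}


def parse_php_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Extract major.minor.patch from strings such as '7.3.10' or
    '7.2.24-0ubuntu0.18.04.1'; returns None if no version is recognisable."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", version)
    return tuple(int(g) for g in m.groups()) if m else None


def php_version_vulnerable(version: str) -> bool:
    """True when the version falls below the fix in one of the three branches."""
    parsed = parse_php_version(version)
    if parsed is None:
        return False
    fixed = FIXED.get(parsed[:2])
    return fixed is not None and parsed < fixed


def host_exposed(host: Dict) -> Tuple[bool, str]:
    """Apply the full condition: vulnerable PHP AND nginx AND php-fpm running.
    Returns (exposed, reason) so the result can go straight into a report."""
    if not php_version_vulnerable(host["php"]):
        return False, "PHP version outside the affected ranges"
    if not host.get("nginx"):
        return False, "nginx not running (QTS/QuTS hero default)"
    if not host.get("php_fpm"):
        return False, "php-fpm not running"
    return True, "vulnerable PHP behind nginx/php-fpm: upgrade PHP or firmware"


def triage(inventory: List[Dict]) -> List[str]:
    """Names of hosts that satisfy every condition in the advisory."""
    return [h["name"] for h in inventory if host_exposed(h)[0]]


# Constructed inventory records, not data from QNAP or the article.
SAMPLE_INVENTORY = [
    {"name": "nas-default", "php": "7.3.10", "nginx": False, "php_fpm": True},
    {"name": "nas-web", "php": "7.3.10-1", "nginx": True, "php_fpm": True},
    {"name": "nas-patched", "php": "7.3.11", "nginx": True, "php_fpm": True},
    {"name": "nas-old", "php": "7.2.20", "nginx": True, "php_fpm": False},
]
```

Running `triage(SAMPLE_INVENTORY)` returns only `nas-web`: the default-state host has no nginx, the patched host sits at the fixed release, and the old host lacks php-fpm.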
The alert comes a week after QNAP revealed[3]
that it’s “thoroughly investigating” yet another wave of DeadBolt ransomware attacks[4] targeting QNAP NAS
devices running outdated versions of QTS 4.x.
Besides urging customers to upgrade to the newest version of the QTS
or QuTS hero operating systems, it also recommends that the
devices not be exposed to the internet.
Additionally, QNAP has advised customers who, after upgrading the
firmware, cannot locate the ransom note needed to enter the received DeadBolt decryption
key[5] to reach out to QNAP Support[6] for assistance.
“If your NAS has already been compromised, take the screenshot
of the ransom note to keep the bitcoin address, then upgrade to the
latest firmware version and the built-in Malware Remover
application will automatically quarantine the ransom note which
hijacks the login page,” it said.
References
- [1] said (www.qnap.com)
- [2] CVE-2019-11043 (nvd.nist.gov)
- [3] revealed (www.qnap.com)
- [4] DeadBolt ransomware attacks (thehackernews.com)
- [5] enter the received DeadBolt decryption key (www.qnap.com)
- [6] QNAP Support (service.qnap.com)
Read more https://thehackernews.com/2022/06/critical-php-vulnerability-exposes-qnap.html
