As many as 29,000 network storage devices manufactured by Taiwan-based QNAP are vulnerable to an easy-to-perform hack that could give unauthenticated users on the internet complete control, a security firm warns.
The vulnerability, which has a severity rating of 9.8 out of a possible 10, was disclosed on Monday, when QNAP issued a patch and urged users to install it. Tracked as CVE-2022-27596, the vulnerability allows remote hackers to carry out SQL injection, a type of attack that targets web applications that use the Structured Query Language. SQL injection vulnerabilities are exploited by entering specially crafted characters or scripts into the search fields, login fields, or URLs of a buggy website. Injection allows for the modification, theft, or deletion of data, or for gaining administrative control over systems running vulnerable apps.
QNAP’s advisory on Monday states that network-attached storage devices running QTS versions prior to 220.127.116.114 and QuTS Hero versions prior to h18.104.22.1688 are vulnerable. The post also contained instructions for updating to the patched version.
On Tuesday, security firm Censys reported that data collected from network scan searches showed that as many as 29,000 QNAP devices may not have been patched for CVE-2022-27596. The researchers found that of the 30,520 internet-connected devices that showed which version they were running, only 557 (about 2%) were patched. Overall, Censys said it detected 67,415 QNAP devices. The 29,000 number was extrapolated by applying the 2% patch rate to the total number of devices.
“Given that the Deadbolt ransomware was specifically designed to target QNAP NAS devices, the likelihood that the same criminals would use the exploit to spread the same ransomware again, if it were made public, is very high,” wrote the Censys researchers. “If the exploit were made public and weaponized, it could cause problems for thousands of QNAP users.”
A Censys representative said in an email that as of Wednesday, researchers had found 30,475 QNAP devices showing version numbers (45 fewer than Tuesday), of which 29,923 were running a version vulnerable to CVE-2022-27596.
The mention of Deadbolt refers to a series of hacking campaigns over the past year that exploited previous vulnerabilities in QNAP devices to infect them with ransomware of that name. One recent campaign wave occurred in September and exploited CVE-2022-27593, a vulnerability in devices that use a unique feature known as Photo Station. This vulnerability was classified as an externally controlled reference to a resource in another sphere.
According to Tuesday’s Censys report, the United States has the most devices vulnerable to CVE-2022-27596, followed by Italy and Taiwan.
Censys also provides a breakdown by country, listing the total hosts, non-vulnerable hosts, and vulnerable hosts for each.
In the past, QNAP has recommended that users take all of these steps to reduce the chance of being hacked:
- Disable the port forwarding function of your router.
- Set up myQNAPcloud on your NAS to enable secure remote access and prevent internet exposure.
- Update the NAS firmware to the latest version.
- Update all applications on the NAS to the latest version.
- Enforce strong passwords for all user accounts on the NAS.
- Protect your data by creating snapshots and backing up regularly.
As Bleeping Computer reported, QNAP devices have over the years been hacked and infected with other ransomware strains, including Muhstik, eCh0raix/QNAPCrypt, QSnatch, Agelocker, Qlocker, DeadBolt, and Checkmate. Users of these devices need to act now.