If you have any network-attached storage (NAS) devices on your home or office network, be advised that they are the new favorite inroad for hackers around the world. According to a report recently published by researchers at 360 Netlab, hacking groups are increasingly exploiting weaknesses in some NAS devices running a variety of QNAP firmware versions that suffer from command injection vulnerabilities.
While QNAP addressed 360 Netlab with their release of firmware version 4.3.3 back in July 2017, unfortunately, most people are not good about keeping their firmware up to date, so you may have one or more vulnerable devices and not even realize it. Both QNAP and the researchers at 360 Netlab recommend checking the version number of the firmware you’re using and upgrading now if you are at risk.
If you’re looking for additional technical details about causing the problem and how it was addressed, there are more details listed below.
QNAP had this to say about version 4.3.3 of their firmware:
“This release replaced the system function with qnap_exec, and the qnap_exec function is defined in the /usr/lib/libuLinux_Util.so.0,” 360 Netlab said. By using the execv to execute custom command, command injection has been avoided.”
Sadly, this isn’t the first time QNAP has been the target of hackers. There’s an ongoing ransomware campaign that utilizes eChoraix ransomware to encrypt NAS devices. Last month, the US’s CISA and the UK’s NCSC issued a joint malware alert about a malware strain called QSnatch that also targets QNAP NAS devices.
In any event, although this issue has long been resolved, it’s clear that there are a significant number of vulnerable devices out there, both on home and office networks.
Kudos to 360 Netlab for shining a light on the NAS vulnerability and QNAP for moving swiftly to correct the issue.