Nearly 30,000 QNAP Devices Exposed to New Bug
A critical new vulnerability disclosed by network-attached storage (NAS) vendor QNAP this week could be exploited on almost 30,000 devices globally, according to Censys.
The security firm scanned the internet and found 67,415 hosts running QNAP-based systems around the world. Although it could only determine the firmware version on 30,520 of them, a worrying 98% of those were potentially vulnerable to an attack exploiting the new flaw.
Only a few hundred were running the updated firmware versions released by the Taiwanese vendor to remediate the bug, said Censys senior security researcher Mark Ellzey.
“We found that of the 30,520 hosts with a version, only 557 were running QuTS Hero greater than or equal to ‘h5.0.1.2248’ or QTS greater than or equal to ‘5.0.1.2234,’ meaning 29,968 hosts could be affected by this vulnerability,” he warned.
“If the exploit is published and weaponized, it could spell trouble for thousands of QNAP users. Everyone must upgrade their QNAP devices immediately to be safe from future ransomware campaigns.”
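The count Censys quotes above comes down to a version comparison: take each host's reported firmware version, work out whether it is QuTS hero (versions prefixed with "h") or QTS, and test it against the fixed build for that line. The following is an added example of that check, not Censys's own tooling; the host records are constructed for illustration, and the threshold rule is exactly the one quoted (at or above h5.0.1.2248 for QuTS hero, at or above 5.0.1.2234 for QTS), so a version from an older branch is counted as affected the way the quoted figure counts it. Whether older branches are actually in scope is a question for the vendor advisory, which a threshold check alone does not answer.

```python
"""Classify QNAP hosts as patched or affected by firmware version (added example)."""
import re
from collections import Counter

# Fixed builds named in the Censys analysis quoted above; at or above is patched.
FIXED = {"QuTS hero": "h5.0.1.2248", "QTS": "5.0.1.2234"}

# QTS versions look like 5.0.1.2234; QuTS hero versions carry an "h" prefix.
_VERSION_RE = re.compile(r"^(h?)(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(ver):
    """Return (product, (major, minor, patch, build)) or None if unparseable."""
    m = _VERSION_RE.match(ver.strip())
    if not m:
        return None
    product = "QuTS hero" if m.group(1) == "h" else "QTS"
    return product, tuple(int(x) for x in m.groups()[1:])


def is_patched(ver):
    """True if at/above the fixed build for its product line, False if below,
    None if the version string cannot be parsed."""
    parsed = parse_version(ver)
    if parsed is None:
        return None
    product, nums = parsed
    fixed = parse_version(FIXED[product])[1]
    return nums >= fixed  # tuple comparison is component-wise, numeric


def tally(hosts):
    """Count hosts by status over (ip, version_or_None) records, mirroring the
    split Censys reports: no version seen / patched / affected / unparseable."""
    counts = Counter()
    for _ip, ver in hosts:
        if ver is None:
            counts["no_version"] += 1
            continue
        status = is_patched(ver)
        if status is None:
            counts["unknown"] += 1
        else:
            counts["patched" if status else "vulnerable"] += 1
    return counts


# Constructed sample records (documentation addresses), not real scan data.
SAMPLE_HOSTS = [
    ("192.0.2.10", "5.0.1.2234"),   # QTS exactly at the fixed build: patched
    ("192.0.2.11", "5.0.1.2194"),   # QTS older build: affected
    ("192.0.2.12", "h5.0.1.2248"),  # QuTS hero at the fixed build: patched
    ("192.0.2.13", "h5.0.1.2145"),  # QuTS hero older build: affected
    ("192.0.2.14", "4.5.4.2280"),   # older QTS branch: below threshold under the quoted rule
    ("192.0.2.15", None),           # banner exposed no version at all
    ("192.0.2.16", "5.0.1"),        # malformed/short version: cannot classify
]

if __name__ == "__main__":
    for ip, ver in SAMPLE_HOSTS:
        print(f"{ip:12} {str(ver):12} patched={is_patched(ver) if ver else 'n/a'}")
    print(dict(tally(SAMPLE_HOSTS)))
```

Note that the build number is compared numerically, not lexically, so "5.0.1.2234" correctly sorts above "5.0.1.999"; a string comparison would get this wrong and undercount affected hosts.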
The largest concentrations of vulnerable hosts were in the US (3149), Italy (3200) and Taiwan (1942).
Technical details of the vulnerability in question, CVE-2022-27596, are being kept under wraps for now, presumably to give customers time to patch. However, it may not be long before threat actors weaponize it, Censys warned.
“We’ve discussed problems with QNAP regarding the Deadbolt ransomware campaigns, which at their height infected over 20,000 devices and successfully stole just under $200,000 from victims. While there are no indications that bad actors are using this new exploit, the threat is definitely on the horizon,” Ellzey argued.
“Given that the Deadbolt ransomware is geared to target QNAP NAS devices specifically, it’s very likely that if an exploit is made public, the same criminals will use it to spread the same ransomware again.”
The CVE is described as a SQL injection vulnerability that requires no authentication and is trivial to exploit; it carries a CVSS score of 9.8. Administrators can confirm their exposure by checking the installed firmware against the fixed builds Censys cites (QuTS hero h5.0.1.2248 and QTS 5.0.1.2234) and should ensure the NAS management interface is not reachable directly from the internet while they update.