QNAP has addressed an improper access control vulnerability in the devices’ disaster recovery and data backup software in its NAS Storage
Internet-connected NAS devices are popular targets with threat actors who’ve target vulnerabilities in their software to deploy ransomware or even to use their computing resources for malicious purposes like mining cryptocurrency.
QNAP devices have been at the receiving end of various cyber attack campaigns lately, due to the popularity of the devices. But QNAP has been very active in patching vulnerabilities as well.
This critical security vulnerability which has been patched can be exploited to enable attackers to gain remote access to the devices and escalate privileges, execute commands, and access sensitive information without authorization.
Last year QNAP fixed a cross-site scripting vulnerability, and also issued patches to neutralize malware that used the QNAP device to mine cryptocurrency, earlier this year.