Exploiting security flaws to deploy malware or gain remote access to systems has become a common practice among cybercriminals. Companies are still recovering from the Log4Shell vulnerability to this date. Unfortunately, QNAP – the Taiwanese maker of network-attached storage (NAS) has recently reported one of its own – a critical and dangerous PHP vulnerability.
Security flaws within systems are bound to happen, especially when upgrades/updates are consistently provided. However, such flaws present the perfect opportunity for hackers to make their moves, exploit them, and commit their malicious practices.
If one recent flaw can do a lot of damage, what would you say if it’s been there for three years? We’ll answer that below.
QNAP PHP Vulnerability – NAS Devices Exposed for Three Years
System vulnerabilities can be used for all sorts of malicious activities, including achieving remote code execution. QNAP is not new to the scene when it comes to breaches.
A while ago, the company suffered a hit by none other than the operators behind DeadBolt ransomware. This time around, the overlooked vulnerability can cause a lot of damage.
In fact, the vulnerability, tracked as CVE-2019-11043 has a rating of 9.8 out of 10 for severity. Doing the math is not important here as it’s pretty obvious what impact can it do.
According to QNAP, if the device is running Nginx and php-fpm, the vulnerability will affect the following QNAP operating system versions:
- QTS 5.0.x and later
- QTS 4.5.x and later
- QuTS hero h5.0.x and later
- QuTS hero h4.5.x and later
- QuTScloud c5.0.x and later
The company said that it had already mitigated the issue in OS versions QTS 220.127.116.114 build 20220515 and QuTS hero h18.104.22.1689 build 20220614 and added the following:
“As QTS, QuTS hero or QuTScloud does not have nginx installed by default, QNAP NAS are not affected by this vulnerability in the default state.”
Unfortunately, it seems like QNAP and its NAS devices are still on Deadbolt’s radar. The company said that aside from fixing the vulnerability, it’s also “thoroughly investigating” yet another wave of DeadBolt ransomware attacks on QNAP NAS devices with outdated versions of QTS 4.x.
QNAP PHP Flaw – A Small Vulnerability with Huge Impact
The company is fixing the flaw within its systems. However, it still recommends that customers should upgrade to the newest versions of QuTS and QTS hero OS.
Also, QNAP states that its users should not expose the device to the internet for the time being. Finally, to all who fell victim to DeadBolt, if these individuals failed to locate the ransom note after the upgrade, they should contact QNAP support for further assistance.
A simple bug, flaw, or vulnerability can cause a lot of damage. To avoid such predicaments, make sure to follow the company’s advice. They should be able to solve your problems with ease. You don’t want to end up as a ransomware victim – it costs a lot.