Skip to the content.

DIVD-2022-00030 - Exposed QNAP

Our reference DIVD-2022-00030
Case lead Ralph Horn
Researcher(s)
CVE(s)
  • n/a
Product QNAP
Versions 4.3.3 up to 4.4.1
Recommendation If you received a notification of a vulnerability, patch your system with the information provided in this notification.
Patch status Available
Status Open
Last modified 08 Dec 2022 16:28

Summary

QNAP urges users to immediately patch NAS devices after several were recently compromised and infected with malicious software. While the exact vulnerability is unknown, it is known that the threat actors targeted version 4.3.3 to version 4.4.1. Organizations and users are urged to upgrade to the latest version of QTS and disconnect their NAS from the internet.

Impact

By leveraging the vulnerability, an unauthenticated attacker with network access to the QNAP NAS can encrypt all files on the system. For more information on this vulnerability see the article from TheRecord.

What you can do

What we are doing

Timeline

Date Description
23 May 2022 DIVD starts investigating the scope and impact of the vulnerability.
23 May 2022 First version of this case file.
24 May 2022 First round of notifications sent to about 10000 hosts
24 May 2022 Data concerning the Netherlands shared with the Digital Trust Center and the Dutch Security Clearing House (Security Meldpunt)
10 Jun 2022 In the second scan we sent over 15000 notifications concerning vulnerable hosts
10 Jun 2022 Data concerning the Netherlands shared with the Digital Trust Center and the Dutch Security Clearing House (Security Meldpunt) again
gantt title DIVD-2022-00030 - Exposed QNAP dateFormat YYYY-MM-DD axisFormat %e %b %Y section Case DIVD-2022-00030 - Exposed QNAP (still open) :2022-05-23, 2022-12-15 section Events DIVD starts investigating the scope and impact of the vulnerability. : milestone, 2022-05-23, 0d First version of this case file. : milestone, 2022-05-23, 0d First round of notifications sent to about 10000 hosts : milestone, 2022-05-24, 0d Data concerning the Netherlands shared with the Digital Trust Center and the Dutch Security Clearing House (Security Meldpunt) : milestone, 2022-05-24, 0d In the second scan we sent over 15000 notifications concerning vulnerable hosts : milestone, 2022-06-10, 0d Data concerning the Netherlands shared with the Digital Trust Center and the Dutch Security Clearing House (Security Meldpunt) again : milestone, 2022-06-10, 0d

More information