QNAP fixes critical bug letting hackers inject malicious code
QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices. [...]
Stay updated on firmware security: Explore the latest threats, updates, and protection strategies for safeguarding critical system software.
Search across headline titles and summaries.
Background for this topic.
Firmware is software stored in a device’s nonvolatile memory that initializes and controls hardware, often before an operating system or application runs. It may reside in computers, network equipment, phones, industrial controllers, storage devices, and embedded components. Firmware can be updated, so it is not necessarily permanent or read-only.
Firmware matters to security because vulnerabilities or unauthorized changes can affect a device beneath the operating system and may persist across software reinstallation. Important controls include authenticated, cryptographically signed updates; secure boot, which verifies code before execution; protection against unauthorized flashing and downgrade attacks; and a reliable recovery mechanism. Practitioners also need firmware inventories, vulnerability tracking, and a supported update process, since obscure components can remain unpatched or use insecure update mechanisms. During an investigation, verifying firmware integrity and the device’s boot chain can help distinguish an operating-system compromise from a deeper modification.
QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices. [...]