QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. [...]
QNAP makes network-attached storage systems whose firmware, web interfaces, and services can expose files and devices when vulnerabilities are exploited.
Search across headline titles and summaries.
Background for this topic.
QNAP produces network-attached storage (NAS) systems: network-connected appliances that store and share files, run backups, and may host applications such as remote-access services. Their operating systems and web administration interfaces make them security-relevant infrastructure, not merely passive storage. A compromised device can expose stored data, user credentials, or connected services, while malware can encrypt or delete accessible files.
Key risks include vulnerabilities in the NAS operating system or bundled applications, exposed administration interfaces, and weak or reused account passwords. Security management should include monitoring QNAP advisories, promptly applying firmware and application updates, disabling internet-facing administration and unneeded services, enforcing multifactor authentication where available, and limiting permissions. Backups should be isolated from the NAS account and tested for recovery; otherwise an attacker who gains administrative access may also compromise the backup copies. Logs and access alerts can help identify unauthorized use and support containment.
Weekly headline count for the current query.
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. [...]
QNAP warned customers to patch a critical ASP.NET Core vulnerability that also impacts the company's NetBak PC Agent, a Windows utility for backing& up data to a QNAP network-attached storage (NAS) device. [...]
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge
Thousands of ASUS routers have been infected and are believed to be part of a wide-ranging ORB network affecting devices from Linksys, D-Link, QNAP, and Araknis Network.
A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023
QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. [...]
Exploits Could Allow Remote Command Execution and AccessThe Taiwanese NAS maker QNAP Systems on Saturday patched multiple flaws in its operating system and applications that could allow attackers to compromise network storage devices. The patch also included multiple flaws in QNAP's router operating system QuRouter OS.
Just what you want to find when you start a new week Taiwanese NAS maker QNAP addressed 24 vulnerabilities across various products over the weekend.…
QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible. [...]
QNAP has pulled a recently released firmware update after widespread customer reports that it's breaking connectivity and, in some cases, locking users out of their devices. [...]
QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. [...]
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. [...]
The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. [...]
The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. [...]
Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. [...]
Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. [...]
WatchTowr publishes report claiming vendor failed to issue fixes after four months Infosec boffins say they were forced to go public after QNAP failed to fix various vulnerabilities that were reported to it months ago.…
Taiwanese Hardware Manufacturer Fixes Improper Authentication FlawQNAP Systems on Saturday released a patch for a critical bug that allows unauthorized access to devices without authentication. The issue affects its QTS, QuTS hero, and QuTScloud products and potentially exposes network-attached storage devices to unauthorized access.
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [...]