QNAP QTS Zero-Days Publicly Exposed: What You Need to Know

In a recent security audit, researchers uncovered 15 vulnerabilities in QNAP’s QTS, the operating system powering the company’s network-attached storage (NAS) devices. Read on to learn more.  

Tell me more about QNAP’s QTS vulnerabilities 

Out of the 15 QNAP QTS vulnerabilities, 11 remain unpatched. Among the unpatched issues is CVE-2024-27130, a critical stack buffer overflow vulnerability in the ‘No_Support_ACL’ function of ‘share.cgi.’ This vulnerability is particularly dangerous as it can lead to remote code execution (RCE) under specific conditions. 

Exploitation of this vulnerability requires an attacker to obtain a valid shared file link (‘ssid’) from a NAS user. Despite researchers reporting these issues to QNAP between December 2023 and January 2024, only four vulnerabilities have been addressed so far. WatchTowr Labs, the team behind this discovery, has publicly released details and a proof of concept (PoC) exploit for CVE-2024-27130. 

With these vulnerabilities now publicly known, it is highly likely that threat actors will attempt to create their own exploits to target vulnerable NAS instances. 

What is Nuspire doing? 

At Nuspire, we take such threats seriously. We promptly apply patches in line with vendor recommendations and actively hunt for any signs of compromise within our client environments.  

What should I do? 

If your organization uses QNAP NAS devices, it is crucial to take immediate steps to protect your systems. Here are some recommended actions: 

  1. Update QTS and QuTS Hero: Ensure your devices are running the latest versions. Update to QTS build 20240402 or later, and QuTS hero h5.1.6.2734 build 20240414 or later, which address some of the identified vulnerabilities. 
  2. Restrict Access: Limit external sharing features and ensure that only trusted users have access to shared files. 
  3. Disable File Sharing: Temporarily disable file sharing features to prevent attackers from obtaining ‘ssid’ values that could be used in an exploit. 
  4. Monitor Shared Links: Regularly audit shared links and remove any that are publicly accessible or no longer necessary. This reduces the chances of attackers exploiting publicly available ‘ssid’ values. 
  5. Monitor for Patches: Stay vigilant for any updates from QNAP. Be on the lookout for new patches or workarounds that address the vulnerabilities and apply them as soon as they become available.

By following these steps, you can significantly reduce the risk of your QNAP NAS devices being compromised. Staying proactive and vigilant is key in managing and mitigating the impact of these newly disclosed vulnerabilities. Furthermore, consistent vulnerability management and timely patching are vital to minimizing these risks and keeping your network secure.  

Have you registered for our next event?