Taiwan storage manufacturer QNAP Some of them Network Attached Storage (NAS) Device is affected by vulnerabilities Reported by OpenSSL, I’m still releasing a fix.
According to the company, OpenSSL security flaws have been tracked as follows: CVE-2021-3711 When CVE-2021-3712Affects devices running QTS, QuTS Hero, QuTScloud operating system, and Hybrid Backup Synchronous (HBS 3) data backup and disaster recovery solutions.
inside that Advisory, QNAP exploits vulnerabilities to allow remote attackers to read data in the memory of affected devices, trigger denial of service (DoS) attacks, or with the same privileges as a running user. It explains that you can execute code. HBS3 app.
We are investigating how our readers are using VPNs on streaming sites such as Netflix, so we can improve our content and provide better advice. This survey takes less than 60 seconds. We would appreciate it if you could share your experience.
>> Click here to start the survey in a new window
“QNAP is thoroughly investigating the case. We will release a security update and provide more information as soon as possible,” read the QNAP Advisory.
What is a holdup?
Interestingly, the OpenSSL development team has already released OpenSSL v1.1.1l To address the flaw on August 24th last week.
However, the latest QNAP advisory is only aware of the existence of device vulnerabilities. Not only has the company not released a fix, but it hasn’t announced an estimated date when users can expect a patch.
But it’s not just QNAP.Last week, a fellow NAS vendor in Taiwan Synology Also Acknowledged existence Analysis of OpenSSL vulnerability in many products. And like QNAP, Synology hasn’t addressed the flaw yet, instead tagging it as “pending” and “in progress.”
Internet-connected NAS devices are one of the attackers’ favorite targets, and both Synology and QNAP are the recipients of such campaigns.
We haven’t reported any campaigns for these devices that exploit the OpenSSL vulnerability, but delayed patching should be a source of concern for vulnerable device owners.
QNAP states that it is working on a patch for an OpenSSL bug that affects NAS devices.
Source link QNAP states that it is working on a patch for an OpenSSL bug that affects NAS devices.