CyberNews Briefs

Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks

On Tuesday, a Taiwanese security researcher published details about vulnerabilities within the firmware of Photo Station, a photo album app that is installed with all QNAP network-attached storage (NAS) devices. The researcher, Henry Huang, stated that the Photo Station app is currently installed on 80% of QNAP NAS systems or roughly 450,000 devices.

Huang states that all of these systems with Photo Station downloaded are vulnerable to remote takeover attacks through three separate vulnerabilities in QNAP devices. Huang claims that, when chained together, the bugs have the ability to bypass authentication, insert malicious code, and then install a web shell on unpatched QNAP devices.

Read More: Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.