Deadbolt Ransomware Could Encrypt Thousands of QNAP NAS Devices

by time news

On January 30, 2023, reports began to emerge about a newly discovered vulnerability affecting QNAP devices. Although details of the vulnerability are limited, it affects QNAP devices running QTS versions earlier than 5.0.1.2234 and QuTS Hero versions earlier than “h5.0.1.2248”, and it has been fixed in QTS version 5.0.1.2234 and QuTS Hero version h5.0.1.2248. The vulnerability is being tracked as CVE-2022-27596.

QNAP has determined this to be a significant vulnerability as it has low attack complexity, does not require authentication, and can be exploited remotely. If the exploit is successful, an attacker will be able to “inject malicious code.”

Because Deadbolt ransomware is designed specifically to target QNAP NAS devices, it is highly likely that, if an exploit is made public, the same cybercriminals would use it to distribute Deadbolt ransomware once again.

Censys has seen indications that 67,415 hosts are running a QNAP-based system. Unfortunately, the experts were only able to collect the version number from 30,520 of those hosts. Of the 30,520 hosts that reported a version, only 557 were running a QuTS Hero version greater than or equal to “h5.0.1.2248” or a QTS version greater than or equal to “5.0.1.2234”. If the advisory is correct, more than 98% of the QNAP devices that have been detected would be susceptible to this attack, which indicates that the vulnerability could potentially affect 29,968 hosts.

Thousands of QNAP customers may face problems if the vulnerability is made public and then weaponized. It is imperative that everyone promptly update their QNAP devices to protect themselves from future ransomware operations.
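The same version test can be run against your own asset inventory. The script below is an added example, not code from QNAP or Censys: it compares reported firmware strings numerically against the fixed builds named above and keeps hosts with no usable version in a separate bucket, since those cannot be assumed patched. The four-part version format, the hostnames and the sample versions are assumptions constructed for illustration.

```python
import re

# Fixed builds as stated in the article; anything earlier is treated as affected.
FIXED = {
    "QTS": (5, 0, 1, 2234),
    "QuTS hero": (5, 0, 1, 2248),
}

# Assumed format: four dotted numbers, with a leading "h" marking QuTS hero.
_VERSION_RE = re.compile(r"^(h?)(\d+)\.(\d+)\.(\d+)\.(\d+)$")


def parse_version(raw):
    """Return (product, version_tuple), or None if the string is unusable."""
    if not raw:
        return None
    m = _VERSION_RE.match(raw.strip().lower())
    if not m:
        return None
    product = "QuTS hero" if m.group(1) else "QTS"
    return product, tuple(int(part) for part in m.groups()[1:])


def classify(raw):
    """Classify one firmware string as 'patched', 'vulnerable' or 'unknown'."""
    parsed = parse_version(raw)
    if parsed is None:
        return "unknown"  # no version collected: needs manual follow-up
    product, version = parsed
    # Tuple comparison is numeric per field, so 5.0.10.x sorts after 5.0.1.x.
    return "patched" if version >= FIXED[product] else "vulnerable"


def triage(inventory):
    """Map each status to the sorted list of hosts in that status."""
    result = {"patched": [], "vulnerable": [], "unknown": []}
    for host, raw in inventory.items():
        result[classify(raw)].append(host)
    return {status: sorted(hosts) for status, hosts in result.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "nas-01": "5.0.1.2234", "nas-02": "5.0.0.1986", "nas-03": "h5.0.1.2248",
    "nas-04": "h5.0.1.2192", "nas-05": "4.5.4.2012", "nas-06": "",
    "nas-07": "5.0.1",  # build number missing, so patch state is undecidable
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10s} {len(hosts):2d}  {', '.join(hosts)}")
```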

The following is a summary of the top ten countries whose hosts are running versions of QNAP that are considered to be susceptible to the CVE-2022-27596 vulnerability.

The following is a summary of the 10 most susceptible versions of QNAP software that we discovered by performing an auxiliary scan on the Internet.

QNAP strongly recommends that users update to the latest version, which users can locate on the product support status page.

We strongly recommend that you take measures to ensure that the device is not connected to the Internet.
