News

Root vulnerability: QNAP asks customers for new NAS configuration

Photo of Simon Lüthje Simon Lüthje11. February 2022
Bild: QNAP

QNAP unfortunately seems to suffer from a “small” security problem again. It should be possible to access the contents of the manufacturer’s network storage via a backdoor in Samba. But the company has already published suitable solutions to the problem, which you should quickly incorporate into your personal NAS config.

Dangerous root security vulnerability

This is the second time in two weeks that we unfortunately have to report a security issue with QNAP’s networking solutions. But unlike our report from January, this time it’s not a specific cyberattack on the network devices. Instead, this time people are supposed to act prophylactically to prevent an attack in advance. The cause of all the excitement is a recently disclosed root security vulnerability in a software for Windows services.

More precisely, the Samba service is affected. Since QNAP is not yet 100 percent sure that its own network devices are protected from the effects of the gap, it prefers to play it safe. Thus, they want to adapt their own firmware to the changed conditions in order to provide the greatest possible security. Those who already want to provide protection can do this on their own. For this, a few adjustments in the configuration of the NAS are necessary.

Hindering the risks of the security vulnerability yourself

We can only warmly recommend you to already make sure yourself that the root leak does not become a problem in the first place. To do this, you need to specify in the NAS configuration that the affected service is not supported for Windows in the first place. To do this, disable the support for Samba (SMBv1).

On top of that, it is important that you restrict access rights, if not already done. In particular, guest access should be denied on all network shares. QNAP emphasizes that these two configuration steps are of elementary importance if you want to secure your network device despite the root gap.

Praiseworthy action by QNAP

Quite obviously, the manufacturer has learned from the mistakes of the cyberattack mentioned at the beginning. To combat the ransomware that became known in January, QNAP provided its customers’ NAS solutions with a suitable firmware update. Unfortunately, this came too late in many cases. Now, however, some time is needed to program suitable security updates for the case of the root vulnerability in Samba that has now occurred. Accordingly, QNAP has commendably decided to ask its customers for a corresponding configuration until the update is ready.

Tags
Photo of Simon Lüthje Simon Lüthje11. February 2022
Photo of Simon Lüthje

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

Related Articles

Synology: Major update for NAS and new cloud services

23. June 2021
QNAP TS-364

QNAP TS-364: New 3-bay RAID 5 2.5GbE NAS released

3. December 2021
Blackmagic Cloud Store

Blackmagic Cloud Store: Top NAS model with up to 320 TB of storage

20. April 2022

NAS from Western Digital: Support is discontinued

1. December 2021

No replies yet

Beginne die Diskussion →

Neue Antworten laden...

Avatar of Basic Tutorials
Basic Tutorials

Neues Mitglied

3,701 Beiträge 1,487 Likes
Angeheftet Feb 11, 2022

QNAP unfortunately seems to suffer from a „small“ security problem again. It should be possible to access the contents of the manufacturer’s network storage via a backdoor in Samba. But the company has already published suitable solutions to the problem, which you should quickly incorporate into your personal NAS config. Dangerous root security vulnerability This … (Weiterlesen...)

Antworten Like

Beteilige dich an der Diskussion in der Basic Tutorials Community →

Back to top button