QNAP has issued a warning about a critical security flaw in its Windows backup software and NetBak PC Agent, related to the CVE-2025-55315 vulnerability in ASP.NET Core, which could allow attackers to hijack credentials or bypass security controls. Users are advised to update their ASP.NET Core runtime or reinstall the affected applications to mitigate risks. This follows previous security updates QNAP released for other vulnerabilities in its backup solutions.
A recent firmware update for QNAP NAS devices caused access issues for many users, prompting the company to withdraw the update and release a fixed version within 24 hours. Despite QNAP's quick response, users reported problems across various models, including access denial and boot issues. The company's support response has been criticized, leaving some users concerned about the reliability of their storage systems.
QNAP NAS users are experiencing login issues after a problematic firmware update, QTS 5.2.2.2950, which was initially released and then withdrawn due to user complaints. The update affected certain models in the TS-x53D and TS-x51 series, leaving users unable to access their devices even after resets. QNAP has re-released a stable version and advises affected users to either downgrade or contact tech support, though some users report a lack of response from support. This incident highlights ongoing challenges with software updates in the tech industry.
QNAP has warned of critical vulnerabilities in its NAS software products that could allow attackers to access devices, including an authentication bypass flaw that can be executed remotely without authentication. The flaws impact various versions of QNAP's operating systems, and users are recommended to upgrade to specific versions to address the vulnerabilities. NAS devices are often targeted for data theft and extortion, so it's crucial for owners to keep their software updated and avoid exposing these devices to the internet.
QNAP has disclosed and released fixes for two new vulnerabilities, one of which is a zero-day discovered in early November. There is confusion over the severity of the security problem, with QNAP assigning a middling severity score while Unit 42 and the German Federal Office for Information Security (BSI) express more urgent concerns. The vulnerabilities, including command injection flaws, affect various QNAP firmware versions and could lead to remote code execution. The company's disclosure process has been marred by disagreements over coordination and patch release dates. Users are advised to apply patches quickly and upgrade to the latest available firmware versions.
A botnet named 'InfectedSlurs' is actively exploiting a remote code execution vulnerability in QNAP VioStor NVR devices, using them for DDoS attacks. The botnet was discovered by Akamai's Security Intelligence Response Team, who observed the exploitation of two zero-day vulnerabilities in routers and NVR devices. The first vulnerability affects FXC AE1021 and AE1021PE WiFi routers, while the second vulnerability impacts QNAP VioStor NVR models running QVR firmware 4.x. QNAP has released security updates and recommends users update their firmware and change passwords. Legacy VioStor NVR models that have reached end-of-life will not receive security updates and should be replaced.
QNAP has released security updates to address two critical security flaws, CVE-2023-23368 and CVE-2023-23369, that could allow remote attackers to execute commands via a network. The vulnerabilities affect QTS, QuTS hero, QuTScloud, Multimedia Console, and Media Streaming add-on. Users are urged to update to the latest versions to mitigate potential threats, especially considering QNAP devices have been targeted in ransomware attacks in the past.
Photographer Jeff Cable shares his experience transitioning from a Drobo NAS system to a QNAP NAS system, including the installation process, data migration of 1.5 million photos, and the challenges faced with indexing and re-indexing the drive. He highlights the benefits of using a 4TB Crucial x10 SSD drive as his main drive for faster access and the ease of setting up remote synchronization between the QNAP NAS units. Cable praises the user interface, features, and reliability of the QNAP system, particularly the ability to access files remotely and the auto backup of his camera roll. He concludes that the QNAP solution has surpassed his previous setup and provides peace of mind for his photography business.
