Security researchers have warned legacy QNAP NAS devices are vulnerable to zero-day cyberattacks. Although QNAP patched two vulnerabilities in recent firmware updates, the company acknowledged patches were not yet available for certain legacy devices.
QNAP has fixed a High severity Command Injection vulnerability CVE-2020-25847 in QTS and QuTS hero.
QNAP Systems has patched two access control vulnerabilities that affect QTS Helpdesk software.
Cyber criminals are using QSnatch malware to target vulnerable QNAP Network Attached Storage (NAS) devices.