Internet

Have QNAP and Synology fixed the NAS security flaws?

Deepak GuptaAugust 31, 2021
0

No updates for QNAP and Synology

As of this writing, both QNAP and Synology continue to work on launching as soon as possible. updates for users with NAS vulnerable to these security flaws. However, it has not yet been corrected and therefore the teams are still in danger.

In the case of QNAP, there are two security flaws logged as CVE-2021-3711 and CVE-2021-3712. These vulnerabilities affect NAS devices running QTS, QuTS hero, QuTScloud, and HBS 3 Hybrid Backup Sync.

The first vulnerability is based on the buffer overflow in the SM2 algorithm. This can cause crashes or remote code execution. In the case of the second failure, it is due to read buffer overflow during ASN.1 string processing. They can also use it to block applications or access private memory.

It must be taken into account that these are OpenSSL that affect QNAP devices. Since OpenSSL they have already corrected the problem when launching OpenSSL 1.1.1l a few days ago. However, QNAP continues to work on being able to release patches for its users as soon as possible.

Vulnerability in NAS Synology

Remote access and denial of service

In the case of Synology, which has multiple devices affected as they are DSM 7.0, DSM 6.2, DSM UC, SkyNAS, VS960HD, SRM 1.2, VPN Plus Server and VPN Server, it has not published updates to correct the problem at the moment. They ensure that they are working and that those patches are in progress so that, in the shortest possible time, users can apply them.

Synology devices have been affected by the two vulnerabilities that also put QNAP NAS at risk and that, for now, do not have the necessary patches to correct them and work without any security risk.

An attacker could perform attacks from denial of service remotely and get to execute arbitrary code Using a vulnerable version of Synology DiskStation Manager, Synology Router Manager, VPN Plus Server, or VPN Server.

Therefore, in both cases we are still waiting for security updates that can correct the problem. Both QPAN and Synology are working on being able to offer their customers these patches that correct the vulnerabilities as soon as possible. You can see some tips to protect a NAS.

From RedesZone we always recommend applying all the updates and patches security available. It is the best measure to ensure that any device connected to the network is protected and does not have any flaw that could allow an attacker to infect with malware, enter the computer or perform any action remotely. But of course, sometimes we can have problems for these updates if we use obsolete devices or, as in the case that we have seen in this article, that they take time to arrive.

We have other articles that may interest you:
  1. Do you use an IoT device? You have to know the security risk
  2. Do you have a Synology NAS? A botnet is attacking them by brute force
  3. A new threat hijacks your files on QNAP NAS and Synology
  4. Do you have a Synology NAS? Beware of these vulnerabilities
  5. QNAP launches QTS 5.0 and QuTSHero 5.0 in beta: Discover all the news
  6. Is it dangerous for my NAS to have remote access from the Internet?
Deepak GuptaAugust 31, 2021
0

Related Articles

Why you should change the Wi-Fi and router password

March 24, 2022

This is how Chinese cybercriminals are hacking TP-Link routers to attack the whole world

May 17, 2023

Configure OpenVPN server on DBG-2000 and Nuclias Cloud

February 8, 2023

Can a VPN make your Internet go faster?

May 13, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *