A critical vulnerability on QNAP NAS devices was recently patched by the Taiwanese firm. But the issue is that thousands of devices, say 59,000 in number, are yet to receive the update or have to be updated by the admins to avoid hackers from exploiting the SQL Injection Vulnerability.
To those new to QNAP, the company is into the manufacturing of network attacks storage devices and has been constantly facing issued regarding security for the past 2 years.
QNAP has issued a CVSS score of 9.8 out of 10 which is severe on the severity score as hackers can easily take control of the device without engaging the user or victim in any sort of interaction.
In order to secure themselves from attacks, QNAP customers might upgrade their device OS version to QTS 126.96.36.1994 or later and the same applies to the QuTS Hero h188.8.131.528 version as well.
A recent study carried out by Censys Security discovered that only 550 out of 60,000 QNAP NAS devices were found to be patched with the fix and so others are still open to attacks such as ransomware, where a malware is used to encrypt an information storing appliance.
Previously, to avoid all such exploitation troubles, the data storage appliance maker urged its customers to disable the port forwarding feature of the router, as it can open a gateway for hackers to attack NAS devices. Additionally, the company also requested its customers to disable the UPnP function on the QNAP NAS device to stay out of trouble.
NOTE- In January this year, the company introduced new appliances that operate on hybrid processors and support El. S SSD support. So, such appliances can not only serve as simple file servers or backup nodes, but can also serve as computing servers for basic needs.