1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • QNAP says it is working on patches for OpenSSL bugs impacting its

    From TechnologyDaily@1337:1/100 to All on Tue Aug 31 16:15:04 2021
    QNAP says it is working on patches for OpenSSL bugs impacting its NAS devices

    Date:
    Tue, 31 Aug 2021 14:48:29 +0000

    Description:
    QNAP joins Synology in failing to issue a fix to address the already patched OpenSSL vulnerabilities.

    FULL STORY ======================================================================

    Taiwanese storage manufacturer QNAP has acknowledged that some of its Network-Attached Storage (NAS) devices are impacted by the vulnerabilities reported by OpenSSL , though it is still to release a fix.

    According to the company, the OpenSSL security flaws tracked as CVE-2021-3711 and CVE-2021-3712 , impact its devices that run its QTS, QuTS hero, QuTScloud operating system, as well as the Hybrid Backup Sync (HBS 3) data backup and disaster recovery solution.

    In its advisory , QNAP explains that the vulnerabilities can be exploited to enable remote attackers to read data in the memory of the affected device, trigger a denial-of-service (DoS) attack, or run arbitrary code with the same permissions as that of the user running the HBS 3 app. TechRadar needs you!

    We're looking at how our readers use VPNs with streaming sites like Netflix
    so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

    Click here to start the survey in a new window << These are the best endpoint protection tools Heres our list of the best NAS devices currently on offer Take a look at the best NAS drives in the market

    QNAP is thoroughly investigating the case. We will release security updates and provide further information as soon as possible, read the QNAP advisory. Whats the hold up?

    Interestingly, the OpenSSL development team has already released OpenSSL v1.1.1l to address the flaws last week, on August 24.

    However, the latest QNAP advisories only acknowledge the presence of the vulnerabilities in its devices. Not only has the company not released a fix, it hasnt even put out an estimated date by which users can expect a patch.

    QNAP isnt alone though. Last week, fellow Taiwanese NAS vendor Synology also acknowledged the presence of the OpenSSL vulnerabilities in a slew of its products. And just like QNAP, Synology too hasnt yet addressed the flaws, and instead tags them as Pending and Ongoing.

    Internet-connected NAS devices are one of the favorite targets of attackers , and both Synology and QNAP have been on the receiving end of such campaigns.

    Although there havent yet been reports of a campaign against these devices that capitalize on the OpenSSL vulnerabilities, the delay in issuing patches should be a cause of concern for owners of the vulnerable devices. Protect your devices with these best antivirus software



    ======================================================================
    Link to news story: https://www.techradar.com/news/qnap-says-it-is-working-on-patches-for-openssl- bugs-impacting-its-nas-devices/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)