September 27, 2020

High-risk vulnerabilities in QNAP NAS devices exploited by eCh0raix ransomware


NAS servers from QNAP, a network-attached storage (NAS) provider, have been found to contain high-risk vulnerabilities, and attackers have begun to exploit them.

Such network-attached storage devices are usually used to build a private cloud environment in the home, and users upload their files and data to them for backup.

Unfortunately, QNAP devices used as private cloud and backup servers have high-risk vulnerabilities that attackers are exploiting, and some attackers have developed ransomware that targets QNAP.

PGA ransomware

The ransomware is called eCh0raix, and it specifically targets QNAP servers. Since June 1, quite a few users have reported that they were attacked by ransomware.

The attacker infects the device through a high-risk vulnerability in QNAP, encrypts all the data, and then blackmails the user.

NAS devices are usually used as backup servers for private clouds and files. Once a device is infected with ransomware, the infection may pose a great threat to its users.

This also reminds us that even if we have set up a private cloud server, we cannot relax our vigilance. It is better to also synchronize important data to the cloud as a backup to guard against ransomware.

After a large number of users reported ransomware attacks starting June 1, QNAP officials conducted an investigation and issued a security bulletin on June 6 confirming the existence of the vulnerabilities.

CVE-2018-19943: Cross-site scripting in File Station. With this vulnerability, an attacker can inject malicious code remotely to achieve the purpose of remote control.

CVE-2018-19949: Command Injection In Username On Proper Authentication After Account Creation. With this vulnerability, an attacker can inject malicious code remotely to achieve the purpose of remote control.

CVE-2018-19953: Cross-site scripting in File Station. With this vulnerability, attackers can inject malicious code remotely to achieve remote control.

QNAP announced that QTS versions 4.2.6, 4.3.3.1252, 4.3.4.1282, 4.3.6.1263, 4.4.1.1261, and 4.4.2.1270 have fixed these vulnerabilities.

If the version of the QNAP QTS system in use is lower than the versions above, it should be upgraded immediately. If it is not upgraded, it may be infected by the ransomware without any user interaction.
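One way to apply the version check above across several devices, as an added example that is not from QNAP or the original article. It assumes version strings in the dotted form the article uses, compares build numbers within the same QTS branch (an assumption about how the list is meant to be read), and uses constructed host names and versions.

```python
# Fixed QTS releases exactly as listed in the article. "4.2.6" appears there
# without a build number, so that branch cannot be judged from the list alone.
FIXED_RELEASES = ["4.2.6", "4.3.3.1252", "4.3.4.1282",
                  "4.3.6.1263", "4.4.1.1261", "4.4.2.1270"]


def _parse(version):
    """Split 'major.minor.patch[.build]' into (branch tuple, build or None)."""
    parts = [int(p) for p in version.strip().split(".")]
    if len(parts) not in (3, 4):
        raise ValueError("expected major.minor.patch[.build]")
    return tuple(parts[:3]), (parts[3] if len(parts) == 4 else None)


FIXED_BUILDS = dict(_parse(v) for v in FIXED_RELEASES)


def assess(version):
    """Return 'fixed', 'upgrade' or 'unknown' for one QTS version string."""
    try:
        branch, build = _parse(version)
    except ValueError:
        return "unknown"              # unparseable inventory entry
    if branch in FIXED_BUILDS:
        fixed_build = FIXED_BUILDS[branch]
        if fixed_build is None or build is None:
            return "unknown"          # no build number to compare against
        return "fixed" if build >= fixed_build else "upgrade"
    # Branch not in the list. Assumption: a branch newer than every listed
    # one already contains the fixes; any other unlisted branch has no
    # fixed build named in the article and must move to a listed release.
    return "fixed" if branch > max(FIXED_BUILDS) else "upgrade"


def needs_attention(inventory):
    """Map host -> status for every host that is not confirmed fixed."""
    statuses = ((host, assess(version)) for host, version in inventory)
    return {host: status for host, status in statuses if status != "fixed"}


# Constructed inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = [("nas-office", "4.3.6.1263"), ("nas-home", "4.3.6.1154"),
                    ("nas-legacy", "4.2.6"), ("nas-lab", "4.4.0.1100"),
                    ("nas-new", "4.4.3.1400")]

if __name__ == "__main__":
    for host, status in needs_attention(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as `unknown` need their exact build confirmed against QNAP's own advisory before they are treated as safe.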

Via: ZDNet