RCE vulnerabilities allow attackers to take control of QNAP devices
Security researchers at SAM Seamless Network have warned of vulnerabilities in QNAP small office/home office (SOHO) network-attached storage (NAS) devices, the exploitation of which could allow attackers to execute code remotely.
The issues affect QNAP TS-231 SOHO NAS devices running firmware version 4.3.6.1446, but potentially impact other QNAP devices with the same firmware version. QNAP has warned that the TS-231 NAS has already reached end of life (EOL) and will no longer receive software updates.
"These vulnerabilities are very dangerous as they allow for full takeover of devices from the network including access to the user’s stored data," SAM said in a message.
The researchers rate these problems as critical in severity and have so far refrained from providing full details on them. According to them, the vulnerabilities potentially impact tens of thousands of QNAP devices that are exposed to the Internet.
Source: securitylab.ru
06 April 2021