A critical new vulnerability disclosed by network-attached storage (NAS) vendor QNAP this week could be exploited in nearly 30,000 devices worldwide, according to Censys.
The security company scanned the internet and found 67,415 hosts running QNAP-based systems around the world. Of those, only 30,250 exposed a version number, but a worrying 98% of them were potentially vulnerable to attacks exploiting the new flaw.
According to Mark Ellzey, senior security researcher at Censys, only a few hundred were running the updated firmware version released by the Taiwanese vendor to fix the bug.
“We found that out of 30,520 hosts with a version, only 557 were running QuTS Hero with ‘h5.0.1.2248’ or higher or QTS with ‘5.0.1.2234’ or higher. That means 29,968 hosts could be affected by this vulnerability,” he warned.
“If an exploit is made public and weaponized, it could cause problems for thousands of QNAP users. Everyone should upgrade their QNAP devices immediately to protect themselves from future ransomware campaigns.”
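The patched builds Ellzey quotes can be turned into a simple inventory check. The following is an added example, not Censys' or QNAP's code: it parses the version strings an asset inventory might hold, compares them numerically against the fixed builds named above, and tallies patched, vulnerable and unreadable entries the way the scan results were summarised. It assumes (hypothetically) that QuTS hero versions carry a leading 'h' and QTS versions do not, and that the dotted build number compares component by component; the sample versions are constructed, not scan data.

```python
"""Classify QNAP firmware version strings against the fixed builds quoted above.

Added example, not Censys' or QNAP's code. Assumptions (hypothetical):
- QuTS hero versions carry a leading 'h' (e.g. 'h5.0.1.2248'); QTS versions do not.
- Comparison is numeric, component by component, on the dotted build number.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

# Fixed builds as quoted in the article: at or above these is considered patched.
PATCHED = {
    "QuTS hero": (5, 0, 1, 2248),
    "QTS": (5, 0, 1, 2234),
}

_VERSION_RE = re.compile(r"^(h?)(\d+(?:\.\d+)*)$")


def parse_version(raw: str) -> Optional[Tuple[str, Tuple[int, ...]]]:
    """Return (product, numeric build tuple), or None if the string is not a version."""
    m = _VERSION_RE.match(raw.strip())
    if not m:
        return None
    product = "QuTS hero" if m.group(1) == "h" else "QTS"
    return product, tuple(int(part) for part in m.group(2).split("."))


def is_patched(raw: str) -> Optional[bool]:
    """True if at or above the fixed build, False if below, None if unparseable.

    Tuple comparison handles differing lengths: (5, 0, 1) sorts below
    (5, 0, 1, 2234), so a truncated version is treated as unpatched.
    """
    parsed = parse_version(raw)
    if parsed is None:
        return None
    product, build = parsed
    return build >= PATCHED[product]


def tally(versions: Iterable[str]) -> Dict[str, int]:
    """Count patched / vulnerable / unknown entries in an inventory."""
    counts = {"patched": 0, "vulnerable": 0, "unknown": 0}
    for raw in versions:
        result = is_patched(raw)
        key = "unknown" if result is None else ("patched" if result else "vulnerable")
        counts[key] += 1
    return counts


# Constructed sample of inventory version strings (not real scan data).
SAMPLE = [
    "h5.0.1.2248",  # QuTS hero, exactly the fixed build
    "5.0.1.2234",   # QTS, exactly the fixed build
    "h5.0.1.2200",  # QuTS hero, older build
    "5.0.1.2131",   # QTS, older build
    "4.5.4.2280",   # QTS, older major release
    "n/a",          # version could not be read
    "5.1.0.2444",   # QTS, newer release
]

if __name__ == "__main__":
    print(tally(SAMPLE))  # {'patched': 3, 'vulnerable': 3, 'unknown': 1}
```

The check is only as good as the inventory feeding it; devices whose version cannot be read land in the "unknown" bucket and should be verified by hand rather than assumed safe.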
Most of the vulnerable hosts are in the United States (3149), followed by Italy (3200) and Taiwan (1942).
The details of the vulnerability in question, CVE-2022-27596, have been kept secret for now, presumably to give customers time to patch. But it may not be long before attackers try to weaponize it, Censys warns.
“We had a discussion with QNAP about an issue regarding the Deadbolt ransomware campaign. During its peak, the campaign managed to infect over 20,000 devices and steal just under $200,000 from victims. There are no indications of this new exploit being used, but the threat is definitely imminent,” Ellzey claimed.
“Given that the Deadbolt ransomware was specifically designed to target QNAP NAS devices, it is very likely that the same criminals will use it to spread the same ransomware again if the exploit is made public.”
The CVE appears to be an easily exploitable, unauthenticated SQL injection vulnerability with a CVSS score of 9.8.
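The article gives no detail of where QNAP's injection lies, so the following is a generic added illustration of the bug class, not QNAP's code: a lookup that concatenates untrusted input into SQL next to the same lookup with parameter binding, run against a constructed in-memory SQLite table. The table, names and the `lookup_*` functions are assumptions for the demonstration.

```python
"""Unauthenticated SQL injection, illustrated generically (added example, not QNAP's code).

Uses an in-memory SQLite table with constructed rows. The vulnerable lookup
builds the statement by string formatting; the safe one binds the value as a
parameter so the driver never interprets it as SQL.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """Create a constructed sample table; the rows are not real data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Flawed: the caller's string becomes part of the SQL text itself."""
    statement = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(statement).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> List[Tuple[str, str]]:
    """Hardened: the value travels as a bound parameter, never as SQL syntax."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def rows_returned(name: str) -> Tuple[int, int]:
    """Return (vulnerable_count, safe_count) for one input, for comparison."""
    conn = make_db()
    try:
        return len(lookup_vulnerable(conn, name)), len(lookup_safe(conn, name))
    finally:
        conn.close()


if __name__ == "__main__":
    # A well-formed name: both lookups agree.
    print(rows_returned("alice"))          # (1, 1)
    # Input containing a quote: the concatenated query is rewritten by it,
    # the bound query just looks for a user literally named that way.
    print(rows_returned("' OR '1'='1"))    # (3, 0)
```

The hardened form is what an input-side fix looks like; because the flaw here is reachable without authentication, the vendor's firmware update remains the only fix that matters for the devices in the scan.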