Anyone who owns a Qnap NAS or other device must install an update immediately to protect it from a new serious vulnerability, which in the worst case scenario could allow hackers to gain access to data.

Qnap’s NAS devices are again vulnerable to hacking. This time the culprit is called CVE-2023-22809. The vulnerability gets a score of 7.8 and thus the stamp serious. The vulnerability in question allows attackers to gain privileges through a bug in sudo. This allows them to bypass existing policies to gain access to data and settings themselves.

The error occurs on Qnap devices with sudo versions 1.8.0 to 1.9.12p1. This makes QTS, QuTS hero, QuTScloud and QVP vulnerable. In other words, all Qnap NAS operating systems have the gap open.

Patch largely present

Qnap has already rolled out a patch for QTS and QuTS hero, which means most NAS users can update immediately. A solution is being worked on diligently for the other software.

With Qnap in particular, it is always important to install security updates quickly. After all, devices from this manufacturer are actively attacked by hacker groups such as Deadbolt. For now, the bug isn’t being exploited in the wild, but rest assured it’s only a matter of time before it is.

Qnap itself shares more details about the bug and available updates on its website.