Serious PHP defects can lead to rce attacks on QNAP NAS devices

Focus on source code security , Collect the latest information at home and abroad ！
compile ： Code guard

QNAP Remind the customer to say , An attacker can take advantage of a serious problem that has existed for three years PHP Loophole (CVE-2019-11043), stay NAS The device executes remote code . The company said in the latest safety announcement that , Default configured NAS The equipment is not affected , Running old systems （ stay 2017 - 2019 Issued during the year ） Your device is affected .
QNAP Support... In security bulletins ,“PHP lower than 7.1.33 Version of 7.1.x、 lower than 7.2.24 Version of 7.2.x And below 7.2.11 Of 7.3.x Affected by a vulnerability , This vulnerability, if exploited, can cause an attacker to execute remote code . To protect your equipment , It is recommended to update the system to the latest version regularly .”
QNAP It is a hardware manufacturer in Taiwan, China , Some vulnerable operating system versions have been fixed （QTS 5.0.1.2034 build 20220515 Or later versions and QuTS hero h5.0.0.2069 build 20220614 Or later ）.
The flaw is CVE-2019-11043, A large number of equipment that affect the operation of the following systems ：

• QTS 5.0.x And later

• QTS 4.5.x And later

• QuTS hero h5.0.x And later

• QuTS hero h4.5.x And later

• QuTScloud c5.0.x And later QMAP If the customer needs to NAS The device automatically updates to the latest firmware version , You need to log in as an administrator QTS、QuTS hero or QuTScloud, Click on the control panel ＞ System ＞ Under firmware update “ Check for updates ” Button . In addition, you can also learn from Support＞Download Center download QNAP Website update , Manually upgrade the device .
  QNAP The device was attacked by blackmail software
  Thursday ,QNAP Remind the customer that the equipment is deployed DeadBolt Blackmail Software payload Active attacks on .
  Last weekend, ,Bleeping Computer Reports said , The ransomware began to attack vulnerable again QNAP NAS equipment . at present ,QNAP No further details about the attack have been released , So no new information about these DeadBolt And infection vectors used in extortion activities .
  QNAP Starting to fix this in all vulnerable firmware versions PHP Loophole (CVE-2019-11043), Users should ensure that the device is not exposed to the Internet to prevent being attacked .QNAP Pointed out that ,NAS Users whose devices are exposed to the Internet should take the following measures to prevent remote access ：

• Disable the router Port Forwading（ Port forwarding ） function ： Enter the management interface of the router , Check the virtual server 、NAT Or port forwarding settings , And disable NAS Manage service ports （ Default is port 8080 and 433） Port forwarding settings for .

• Ban QNAP NAS Of UPnP function ： Get into QTS The directory myQNAPcloud, Click on “ Automatic router configuration ” And uncheck “ Enable UPnP Port forwarding ”. QNAP It also details how to hide remote SSH and Telnet Connect , Change the system port number , Change the device password , And enable the IP And account access protection , Further protect the safety of the equipment .

Code guard trial address ：https://codesafe.qianxin.com
Open source defender trial address ：https://oss.qianxin.com

Recommended reading

Link to the original text
https://www.bleepingcomputer.com/news/security/critical-php-flaw-exposes-qnap-nas-devices-to-rce-attacks/
Title Map ：Pixabay License
This article is compiled by Qianxin , It doesn't represent chianxin's point of view . Reprint please indicate “ Transferred from Cheonan code guard https://codesafe.qianxin.com”.

Cheanson code guard (codesafe)
The first domestic product line focusing on software development security .

I think it's good , Just click on it. “ Looking at ” or " Fabulous ” Well ~
author ： Cheanson code guard

Game programming , A game development favorite ~

If the picture is not displayed for a long time , Please use Chrome Kernel browser .