Better security in general!

Tell us your most wanted features from QNAP products.

Post by EvilMastermindG »

Here's a recent example:
https://www.qnap.com/en-us/security-adv ... dium=email

Release date: May 13, 2021
Security ID: QSA-21-16
Severity: Medium
CVE identifier: CVE-2020-36198
Affected products: QNAP NAS running Malware Remover 4.x
Status: Resolved

Summary
A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands.

We have already fixed the issue in the following versions:
QTS 4.4.x: Malware Remover 4.6.1.0 and later

QNAP NAS running Malware Remover 3.x are not affected.


^^^ So what all does that tell me? Not a lot, other than the fact now that since I've bought my QNAP NAS, we have these:

https://www.qnap.com/en-us/security-adv ... ry_details

I mean, just LOOK at the first page of that list. EVERYTHING on the first page has to do with the ability for attackers to execute arbitrary commands on the device.

Here's my legitimate question: Who writes the code for these apps, and why hasn't QNAP replaced these people with developers who are ACTUALLY COMPETENT? Is it the NSA or the CCP/Chinese military? Or was this contracted to a consulting group in Eastern Europe who had dreams of creating an outstanding platform from which to execute ransomware attacks for an indefinite revenue stream?

WHY doesn't QNAP proactively audit their own code, and just act in a reactive manner to known vulnerabilities? They clearly do NOT do this.

My current opinion is that while the QNAP NAS is useful, it should ABSOLUTELY be locked down because relying on QNAP itself to provide anything remotely resembling reliable security at this point would be absurd. I honestly hope someone at QNAP in charge of software reads this post.

Re: Better security in general!

Post by dolbyman »

Already a thread open for it:
viewtopic.php?f=45&t=161320

The answer to your questions:

We (user forum) do not know, and QNAP won't come here to answer you.

Re: Better security in general!

Post by Toxic17 »

Regards Simon
